Vulmon
ansible vulnerabilities and exploits
5
CVSSv3
CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules a...
Redhat Ansible Tower
Redhat Ansible Engine
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-3205
Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.0
5.5
CVSSv3
CVE-2021-20178
A flaw was found in an Ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows a malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible Tower 3.0
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
8.8
CVSSv3
CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows a malicious user to elevate privileges from a low-privileged user to an AWX user from outside the isolated environment.
Redhat Ansible Tower 3.0
Redhat Ansible Automation Platform Early Access 2.0
Redhat Ansible Automation Platform Text-only Advisories -
Redhat Ansible Automation Platform 2.0
Redhat Ansible Automation Platform 2.1
3.9
CVSSv3
CVE-2020-1738
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2....
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
NA
CVE-2015-3908
Ansible prior to 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Redhat Ansible
1 Github repository
9.8
CVSSv3
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
4.2
CVSSv3
CVE-2019-3828
Ansible fetch module prior to 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Redhat Ansible
5.6
CVSSv3
CVE-2018-1000149
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlayb...
Jenkins Ansible
NA
CVE-2013-4259
runner/connection_plugins/ssh.py in Ansible prior to 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Redhat Ansible