Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2021-20178
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible Tower 3.0
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
2.1
CVSSv2
CVE-2021-20191
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne...
Oracle Virtualization 4.0
Redhat Ansible Tower 3.0
Redhat Google Cloud Platform Ansible Collection 1.0.2
Redhat Cisco Nx-os Collection
Redhat Ansible
Redhat Community General Collection
Redhat Community Network Collection
Redhat Docker Community Collection
NA
CVE-2023-3971
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an malicious user to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Redhat Ansible Automation Controller 4.4
Redhat Ansible Automation Controller
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.0
Redhat Ansible Inside 1.1
2.1
CVSSv2
CVE-2020-1736
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restricti...
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2.1
CVSSv2
CVE-2014-4660
Ansible prior to 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "...
Redhat Ansible
1.9
CVSSv2
CVE-2013-4259
runner/connection_plugins/ssh.py in Ansible prior to 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Redhat Ansible
5.8
CVSSv2
CVE-2013-2233
Ansible prior to 1.2.1 makes it easier for remote malicious users to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Redhat Ansible
2.1
CVSSv2
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible
7.5
CVSSv2
CVE-2014-4657
The safe_eval function in Ansible prior to 1.5.4 does not properly restrict the code subset, which allows remote malicious users to execute arbitrary code via crafted instructions.
Redhat Ansible
2.1
CVSSv2
CVE-2014-4659
Ansible prior to 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Redhat Ansible
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »