Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible ansible vulnerabilities and exploits
(subscribe to this query)
5
CVSSv3
CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules a...
Redhat Ansible Tower
Redhat Ansible Engine
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-3205
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.0
5.5
CVSSv3
CVE-2021-20178
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible Tower 3.0
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
8.8
CVSSv3
CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an malicious user to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
Redhat Ansible Tower 3.0
Redhat Ansible Automation Platform Early Access 2.0
Redhat Ansible Automation Platform Text-only Advisories -
Redhat Ansible Automation Platform 2.0
Redhat Ansible Automation Platform 2.1
3.9
CVSSv3
CVE-2020-1738
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2....
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
9.8
CVSSv3
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
4.2
CVSSv3
CVE-2019-3828
Ansible fetch module prior to 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Redhat Ansible
9.8
CVSSv3
CVE-2014-4657
The safe_eval function in Ansible prior to 1.5.4 does not properly restrict the code subset, which allows remote malicious users to execute arbitrary code via crafted instructions.
Redhat Ansible
5.5
CVSSv3
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible
5.5
CVSSv3
CVE-2014-4660
Ansible prior to 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "...
Redhat Ansible
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »