Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-2686
Ansible before 1.5.4 mishandles the evaluation of some strings.
Redhat Ansible
4.3
CVSSv2
CVE-2015-3908
Ansible prior to 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Redhat Ansible
1 Github repository
5.8
CVSSv2
CVE-2013-2233
Ansible prior to 1.2.1 makes it easier for remote malicious users to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Redhat Ansible
3.3
CVSSv2
CVE-2019-3828
Ansible fetch module prior to 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Redhat Ansible
1.9
CVSSv2
CVE-2013-4259
runner/connection_plugins/ssh.py in Ansible prior to 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Redhat Ansible
4
CVSSv2
CVE-2020-2310
Missing permission checks in Jenkins Ansible Plugin 1.0 and previous versions allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Ansible
4
CVSSv2
CVE-2019-10217
A flaw was found in ansible 2.8.0 prior to 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. ...
Redhat Ansible
NA
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551eb_f and previous versions stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins Ansible
NA
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551eb_f and previous versions does not mask extra variables displayed on the configuration form, increasing the potential for malicious users to observe and capture them.
Jenkins Ansible
4.3
CVSSv2
CVE-2015-1368
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) prior to 2.0.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in...
Ansible Tower
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »