Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible ansible vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible
383
VMScore
CVE-2015-3908
Ansible prior to 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Redhat Ansible
1 Github repository
578
VMScore
CVE-2014-3498
The user module in ansible prior to 1.6.6 allows remote authenticated users to execute arbitrary commands.
Redhat Ansible
1 Github repository
505
VMScore
CVE-2015-1482
Ansible Tower (aka Ansible UI) prior to 2.0.5 allows remote malicious users to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
Ansible Tower
1 EDB exploit
NA
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
587
VMScore
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Tower 3.0
Redhat Ansible Engine
Redhat Ansible Tower
Redhat Ceph Storage 3.0
Redhat Ceph Storage 2.0
Redhat Openstack Platform 13.0
Redhat Openstack Platform 10.0
Debian Debian Linux 10.0
801
VMScore
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clus...
Ceph Ceph-ansible
356
VMScore
CVE-2019-3869
When running Tower prior to 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Redhat Ansible Tower
668
VMScore
CVE-2018-16879
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service att...
Redhat Ansible Tower
320
VMScore
CVE-2020-10697
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in th...
Redhat Ansible Tower
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »