Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible automation platform 2.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive infor...
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Ansible
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
Fedoraproject Fedora 38
Fedoraproject Fedora 39
NA
CVE-2023-5115
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an malicious user to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Inside 1.1
Redhat Ansible Inside 1.2
Redhat Ansible Developer 1.0
Redhat Ansible Developer 1.1
Debian Debian Linux 10.0
NA
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an malicious user to use a specially crafted file to introduce templating injection when suppl...
Redhat Ansible 2.16.0
Redhat Ansible
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
NA
CVE-2023-5189
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
35 Github repositories
2 Articles
NA
CVE-2023-4380
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an malicious user to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, an...
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
NA
CVE-2023-3971
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an malicious user to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Redhat Ansible Automation Controller 4.4
Redhat Ansible Automation Controller
Redhat Ansible Automation Platform 2.3
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.0
Redhat Ansible Inside 1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started