Skip to main content

Ansible Automation Platform

15 CVEs product

Monthly

CVE-2024-10033 MEDIUM This Month

A vulnerability was found in aap-gateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ansible Automation Platform Ansible Developer Ansible Inside
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0690 PyPI MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-50782 PyPI HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform Enterprise Linux Update Infrastructure +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-5115 PyPI MEDIUM PATCH This Month

An absolute path traversal attack exists in the Ansible automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ansible Automation Platform Ansible Inside Ansible Developer Debian Linux
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-5764 PyPI HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible Extra Packages For Enterprise Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5189 PyPI MEDIUM POC This Month

A path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Automation Platform Satellite
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4380 MEDIUM This Month

A logic flaw exists in Ansible Automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Developer Ansible Inside
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-4237 PyPI HIGH This Week

A flaw was found in the Ansible Automation Platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Collection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3971 MEDIUM This Month

An HTML injection flaw was found in Controller in the user interface settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ansible Automation Controller Ansible Automation Platform Ansible Developer Ansible Inside
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3644 PyPI MEDIUM POC PATCH This Month

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pulp Ansible Ansible Automation Platform Satellite Update Infrastructure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3205 MEDIUM This Month

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat XSS Ansible Automation Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1632 MEDIUM This Month

An Improper Certificate Validation attack was found in Openshift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Openshift Container Platform Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2568 MEDIUM POC This Month

A privilege escalation flaw was found in the Ansible Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ansible Automation Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3583 PyPI HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine Ansible Tower
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-20228 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability was found in aap-gateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ansible Automation Platform Ansible Developer +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform +4
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

An absolute path traversal attack exists in the Ansible automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ansible Automation Platform Ansible Inside +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible +5
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Automation Platform Satellite
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

A logic flaw exists in Ansible Automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Developer +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A flaw was found in the Ansible Automation Platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Collection
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An HTML injection flaw was found in Controller in the user interface settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ansible Automation Controller Ansible Automation Platform +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pulp Ansible Ansible Automation Platform +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat XSS Ansible Automation Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An Improper Certificate Validation attack was found in Openshift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Openshift Container Platform +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A privilege escalation flaw was found in the Ansible Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ansible Automation Platform
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy