Skip to main content

Ansible Semaphore

2 CVEs product

Monthly

CVE-2023-39059 Go HIGH POC This Week

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ansible Semaphore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-28609 Go CRITICAL PATCH Act Now

api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ansible Semaphore
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ansible Semaphore
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ansible Semaphore
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy