Redhat

Ansible Automation Platform

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.37%
  • Veröffentlicht 23.06.2026 19:40:33
  • Zuletzt bearbeitet 27.06.2026 05:16:41

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged mess...

  • EPSS 0.89%
  • Veröffentlicht 16.06.2026 14:52:06
  • Zuletzt bearbeitet 29.06.2026 18:16:36

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. A...

  • EPSS 0.28%
  • Veröffentlicht 15.06.2026 08:36:06
  • Zuletzt bearbeitet 15.06.2026 21:09:52

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authoriz...

  • EPSS 0.16%
  • Veröffentlicht 05.06.2026 08:21:43
  • Zuletzt bearbeitet 30.06.2026 03:17:08

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrar...

  • EPSS 0.4%
  • Veröffentlicht 04.05.2026 14:16:35
  • Zuletzt bearbeitet 30.06.2026 03:21:11

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This ...

  • EPSS 0.15%
  • Veröffentlicht 08.04.2026 13:55:00
  • Zuletzt bearbeitet 01.05.2026 20:19:48

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who ...

  • EPSS 0.17%
  • Veröffentlicht 27.02.2026 07:30:00
  • Zuletzt bearbeitet 25.03.2026 20:18:06

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or social...

  • EPSS 0.2%
  • Veröffentlicht 27.02.2026 07:29:32
  • Zuletzt bearbeitet 25.03.2026 20:19:13

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*)...

  • EPSS 0.17%
  • Veröffentlicht 27.02.2026 07:29:06
  • Zuletzt bearbeitet 26.03.2026 16:56:31

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event ...

  • EPSS 0.39%
  • Veröffentlicht 08.01.2026 13:44:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on ba...