Redhat

Ansible Automation Platform

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-5988

  • EPSS 0.02%
  • Veröffentlicht 04.08.2025 15:16:43
  • Zuletzt bearbeitet 05.08.2025 14:34:17

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.

4.4

CVE-2025-7738

  • EPSS 0.02%
  • Veröffentlicht 31.07.2025 14:12:02
  • Zuletzt bearbeitet 04.08.2025 22:15:28

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurat...

3.1

CVE-2025-53861

  • EPSS 0.01%
  • Veröffentlicht 11.07.2025 12:44:17
  • Zuletzt bearbeitet 11.08.2025 19:21:12

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

3.5

CVE-2025-53862

  • EPSS 0.05%
  • Veröffentlicht 11.07.2025 12:34:24
  • Zuletzt bearbeitet 11.08.2025 19:20:55

A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.

8.8

CVE-2025-49520

  • EPSS 0.12%
  • Veröffentlicht 30.06.2025 20:45:28
  • Zuletzt bearbeitet 03.07.2025 15:14:12

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands o...

8.8

CVE-2025-49521

  • EPSS 0.12%
  • Veröffentlicht 30.06.2025 20:45:13
  • Zuletzt bearbeitet 03.07.2025 15:14:12

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or...

6.5

CVE-2025-2877

  • EPSS 0.05%
  • Veröffentlicht 28.03.2025 14:15:21
  • Zuletzt bearbeitet 07.04.2025 16:15:25

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" acti...

8.1

CVE-2025-1801

  • EPSS 0.05%
  • Veröffentlicht 03.03.2025 15:15:16
  • Zuletzt bearbeitet 03.03.2025 15:15:16

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the...

5

CVE-2024-11483

  • EPSS 0.12%
  • Veröffentlicht 25.11.2024 04:15:03
  • Zuletzt bearbeitet 18.12.2024 04:15:07

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base....

5.5

CVE-2024-11079

  • EPSS 0.39%
  • Veröffentlicht 12.11.2024 00:15:15
  • Zuletzt bearbeitet 18.12.2024 04:15:06

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module ...