CVE-2023-5189
- EPSS 0.42%
- Published 14.11.2023 23:15:12
- Last modified 06.12.2024 11:15:07
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being ...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-4380
- EPSS 0.08%
- Published 04.10.2023 15:15:12
- Last modified 21.11.2024 08:34:58
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confid...
CVE-2023-4237
- EPSS 0.07%
- Published 04.10.2023 15:15:12
- Last modified 21.11.2024 08:34:41
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the sys...
CVE-2023-3971
- EPSS 0.44%
- Published 04.10.2023 15:15:12
- Last modified 21.11.2024 08:18:25
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
CVE-2022-3644
- EPSS 0.03%
- Published 25.10.2022 18:15:10
- Last modified 07.05.2025 20:15:21
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
CVE-2022-3205
- EPSS 0.51%
- Published 13.09.2022 20:15:09
- Last modified 21.11.2024 07:19:02
Cross-site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection.
CVE-2022-1632
- EPSS 0.16%
- Published 01.09.2022 21:15:08
- Last modified 21.11.2024 06:41:08
An Improper Certificate Validation attack was found in OpenShift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an i...
CVE-2021-4112
- EPSS 0.05%
- Published 25.08.2022 20:15:09
- Last modified 21.11.2024 06:36:55
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
CVE-2022-2568
- EPSS 0.22%
- Published 18.08.2022 20:15:11
- Last modified 21.11.2024 07:01:15
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.