Redhat

Ansible Automation Platform

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-4237

  • EPSS 0.07%
  • Veröffentlicht 04.10.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 08:34:41

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the sys...

5.5

CVE-2022-3644

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.10.2022 18:15:10
  • Zuletzt bearbeitet 07.05.2025 20:15:21

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

6.1

CVE-2022-3205

  • EPSS 0.51%
  • Veröffentlicht 13.09.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:02

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

6.5

CVE-2022-1632

  • EPSS 0.12%
  • Veröffentlicht 01.09.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:41:08

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an i...

8.8

CVE-2021-4112

  • EPSS 0.12%
  • Veröffentlicht 25.08.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:55

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

6.5

CVE-2022-2568

Exploit
  • EPSS 0.21%
  • Veröffentlicht 18.08.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:01:15

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.

5.5

CVE-2021-3681

  • EPSS 0.04%
  • Veröffentlicht 18.04.2022 17:15:15
  • Zuletzt bearbeitet 21.11.2024 06:22:08

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This cont...

7.1

CVE-2021-3583

  • EPSS 0.28%
  • Veröffentlicht 22.09.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:54

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not r...

7.5

CVE-2021-20228

  • EPSS 0.24%
  • Veröffentlicht 29.04.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:10

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive informa...