Product:

Ansible_automation_platform

(Redhat)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2024-02-05 CVE-2023-50782 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Python\-Cryptography, Ansible_automation_platform, Enterprise_linux, Update_infrastructure 7.5
2023-10-04 CVE-2023-4380 A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. Ansible_automation_platform, Ansible_developer, Ansible_inside 6.3
2023-12-18 CVE-2023-5115 An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. Debian_linux, Ansible_automation_platform, Ansible_developer, Ansible_inside 6.3
2021-09-22 CVE-2021-3583 A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. Ansible_automation_platform, Ansible_engine, Ansible_tower 7.1
2023-10-04 CVE-2023-4237 A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. Ansible_automation_platform, Ansible_collection 7.8
2021-04-29 CVE-2021-20228 A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. Debian_linux, Ansible_automation_platform, Ansible_engine, Ansible_tower 7.5
2022-04-18 CVE-2021-3681 A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection... Ansible_automation_platform, Ansible_galaxy 5.5
2022-09-13 CVE-2022-3205 Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection Ansible_automation_platform 6.1
2023-10-04 CVE-2023-3971 An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. Ansible_automation_controller, Ansible_automation_platform, Ansible_developer, Ansible_inside 5.4
2022-08-18 CVE-2022-2568 A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. Ansible_automation_platform 6.5