Note: This project will be discontinued after December 13, 2021.
Product: Ansible_automation_platform (Redhat)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-29 | CVE-2021-20228 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. | Debian_linux, Ansible_automation_platform, Ansible_engine, Ansible_tower | 7.5 | ||
2022-04-18 | CVE-2021-3681 | A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" are included in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the ``no_log`` redaction. Currently, there is no way to deprecate a Collection or delete a Collection... | Ansible_automation_platform, Ansible_galaxy | 5.5 | ||
2022-09-13 | CVE-2022-3205 | Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | Ansible_automation_platform | 6.1 | ||
2023-10-04 | CVE-2023-3971 | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. | Ansible_automation_controller, Ansible_automation_platform, Ansible_developer, Ansible_inside | 5.4 | ||
2022-08-18 | CVE-2022-2568 | A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. | Ansible_automation_platform | 6.5 | ||
2022-08-25 | CVE-2021-4112 | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. | Ansible_automation_platform, Ansible_automation_platform_early_access, Ansible_automation_platform_text-Only_advisories, Ansible_tower | 8.8 | ||
2022-09-01 | CVE-2022-1632 | An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. | Fedora, Ansible_automation_platform, Openshift_container_platform | 6.5 | ||
2022-10-25 | CVE-2022-3644 | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | Pulp_ansible, Ansible_automation_platform, Satellite, Update_infrastructure | 5.5 |