Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Ansible Automation Platform

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5764 2 Fedoraproject, Redhat 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more 2024-01-01 N/A 7.8 HIGH
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.
CVE-2021-3583 1 Redhat 3 Ansible Automation Platform, Ansible Engine, Ansible Tower 2023-12-28 3.6 LOW 7.1 HIGH
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2023-44487 31 Akka, Amazon, Apache and 28 more 127 Http Server, Opensearch Data Prepper, Apisix and 124 more 2023-12-20 N/A 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-4237 1 Redhat 2 Ansible Automation Platform, Ansible Collection 2023-12-01 N/A 7.8 HIGH
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
CVE-2021-20228 2 Debian, Redhat 4 Debian Linux, Ansible Automation Platform, Ansible Engine and 1 more 2021-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.