Vulnerabilities > Redhat > Ansible Automation Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
2023-12-18 | CVE-2023-5115 | Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. | 6.3 |
2023-12-12 | CVE-2023-5764 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. | 7.8 |
2023-11-14 | CVE-2023-5189 | Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. | 6.5 |
2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-10-04 | CVE-2023-3971 | Cross-site Scripting vulnerability in Redhat products An HTML injection flaw was found in Controller in the user interface settings. | 5.4 |
2023-10-04 | CVE-2023-4237 | Unspecified vulnerability in Redhat Ansible Automation Platform and Ansible Collection A flaw was found in the Ansible Automation Platform. | 7.8 |
2023-10-04 | CVE-2023-4380 | Information Exposure Through Log Files vulnerability in Redhat products A logic flaw exists in Ansible Automation platform. | 6.3 |
2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |