Ansible Automation Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-06	CVE-2024-0690	Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. local low complexity redhat fedoraproject CWE-116	5.5
2024-02-05	CVE-2023-50782	Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. network low complexity redhat python-cryptography-project CWE-203	7.5
2023-12-18	CVE-2023-5115	Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. network low complexity redhat debian CWE-22	6.3
2023-12-12	CVE-2023-5764	A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. local low complexity redhat fedoraproject	7.8
2023-11-14	CVE-2023-5189	Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. network low complexity redhat CWE-22	6.5
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-10-04	CVE-2023-3971	Cross-site Scripting vulnerability in Redhat products An HTML injection flaw was found in Controller in the user interface settings. network low complexity redhat CWE-79	5.4
2023-10-04	CVE-2023-4237	Unspecified vulnerability in Redhat Ansible Automation Platform and Ansible Collection A flaw was found in the Ansible Automation Platform. local low complexity redhat	7.8
2023-10-04	CVE-2023-4380	Information Exposure Through Log Files vulnerability in Redhat products A logic flaw exists in Ansible Automation platform. network low complexity redhat CWE-532	6.3
2022-10-25	CVE-2022-3644	Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. local low complexity pulpproject redhat CWE-522	5.5