Vulnerabilities > Redhat > Ansible Automation Platform

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2022-09-13 CVE-2022-3205 Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
network
low complexity
redhat CWE-79
6.1
2022-09-01 CVE-2022-1632 An Improper Certificate Validation attack was found in Openshift.
network
low complexity
redhat fedoraproject
6.5
2022-08-25 CVE-2021-4112 Unspecified vulnerability in Redhat products
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape.
local
low complexity
redhat
8.8
2022-08-18 CVE-2022-2568 Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2
A privilege escalation flaw was found in the Ansible Automation Platform.
network
low complexity
redhat CWE-269
6.5
2022-04-18 CVE-2021-3681 Insufficiently Protected Credentials vulnerability in Redhat Ansible Automation Platform and Ansible Galaxy
A flaw was found in Ansible Galaxy Collections.
local
low complexity
redhat CWE-522
5.5
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
2021-04-29 CVE-2021-20228 Information Exposure vulnerability in multiple products
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module.
network
low complexity
redhat debian CWE-200
7.5