Vulnerabilities > Redhat > Ansible Automation Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products. The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
2022-09-13 | CVE-2022-3205 | Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0. Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection. | 6.1 |
2022-09-01 | CVE-2022-1632 | An Improper Certificate Validation attack was found in OpenShift. | 6.5 |
2022-08-25 | CVE-2021-4112 | Unspecified vulnerability in Redhat products. A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. | 8.8 |
2022-08-18 | CVE-2022-2568 | Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2. A privilege escalation flaw was found in the Ansible Automation Platform. | 6.5 |
2022-04-18 | CVE-2021-3681 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Automation Platform and Ansible Galaxy. A flaw was found in Ansible Galaxy Collections. | 5.5 |
2021-09-22 | CVE-2021-3583 | Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower. A flaw was found in Ansible, where a user's controller is vulnerable to template injection. | 7.1 |
2021-04-29 | CVE-2021-20228 | Information Exposure vulnerability in multiple products. A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. | 7.5 |