Vulnerabilities > Redhat > Ansible Automation Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-10033 Cross-site Scripting vulnerability in Redhat products
A vulnerability was found in aap-gateway.
network
low complexity
redhat CWE-79
6.1
2024-02-06 CVE-2024-0690 Improper Encoding or Escaping of Output vulnerability in multiple products
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios.
local
low complexity
redhat fedoraproject CWE-116
5.5
2023-12-18 CVE-2023-5115 Absolute Path Traversal vulnerability in multiple products
An absolute path traversal attack exists in the Ansible automation platform.
network
low complexity
redhat debian CWE-36
6.3
2023-11-14 CVE-2023-5189 Relative Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite
A path traversal vulnerability exists in Ansible when extracting tarballs.
network
low complexity
redhat CWE-23
6.5
2023-10-04 CVE-2023-3971 Cross-site Scripting vulnerability in Redhat products
An HTML injection flaw was found in Controller in the user interface settings.
network
low complexity
redhat CWE-79
5.4
2023-10-04 CVE-2023-4380 Information Exposure Through Log Files vulnerability in Redhat products
A logic flaw exists in Ansible Automation platform.
network
low complexity
redhat CWE-532
6.3
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2022-09-13 CVE-2022-3205 Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
network
low complexity
redhat CWE-79
6.1
2022-09-01 CVE-2022-1632 An Improper Certificate Validation attack was found in Openshift.
network
low complexity
redhat fedoraproject
6.5
2022-08-18 CVE-2022-2568 Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2
A privilege escalation flaw was found in the Ansible Automation Platform.
network
low complexity
redhat CWE-269
6.5