Vulnerabilities > Redhat > Ansible Automation Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2023-12-18 | CVE-2023-5115 | Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. | 6.3 |
| 2023-11-14 | CVE-2023-5189 | Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. | 6.5 |
| 2023-10-04 | CVE-2023-3971 | Cross-site Scripting vulnerability in Redhat products An HTML injection flaw was found in Controller in the user interface settings. | 5.4 |
| 2023-10-04 | CVE-2023-4380 | Information Exposure Through Log Files vulnerability in Redhat products A logic flaw exists in Ansible Automation platform. | 6.3 |
| 2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
| 2022-09-13 | CVE-2022-3205 | Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0 Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | 6.1 |
| 2022-09-01 | CVE-2022-1632 | Improper Certificate Validation vulnerability in multiple products An Improper Certificate Validation attack was found in Openshift. | 6.5 |
| 2022-08-18 | CVE-2022-2568 | Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2 A privilege escalation flaw was found in the Ansible Automation Platform. | 6.5 |
| 2022-04-18 | CVE-2021-3681 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Automation Platform and Ansible Galaxy A flaw was found in Ansible Galaxy Collections. | 5.5 |