Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 a.m.11 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 10:16 a.m.5 views

UBUNTU-CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.9AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 8:36 a.m.33 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 8:36 a.m.11 views

EUVD-2026-36702

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 8:36 a.m.8 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 8:36 a.m.42 views

CVE-2026-44188

Affects Ansible Lightspeed (and Red Hat Ansible Automation Platform context) via insufficient session expiration that allows a valid OAuth token to remain usable after logout, enabling persistent access and unauthorized read of inventories, playbooks, and config data. The connected Red Hat adviso...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49189

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References4
NVD
NVD
added 2026/02/06 6:15 a.m.9 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 5:47 a.m.8 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS4.9AI score0.00222EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 5:47 a.m.5 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/06 5:47 a.m.29 views

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 5:47 a.m.6 views

EUVD-2026-5677

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 5:47 a.m.5 views

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 5:47 a.m.40 views

CVE-2026-0598

The connected PT-2026-6676 entry confirms a vulnerability in the Ansible Lightspeed API conversation endpoints used for AI chat interactions. Affected component: the conversation endpoints within Ansible Lightspeed API. Root cause:broken object-level authorization that fails to verify that the co...

4.2CVSS5.3AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6676

Name of the Vulnerable Software and Affected Versions Ansible Lightspeed affected versions not specified Description The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...

4.2CVSS5.4AI score0.00222EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/05/27 6:15 p.m.11 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.1CVSS7AI score0.00527EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/12/16 8:23 p.m.20 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.8CVSS6.8AI score0.01424EPSS
Exploits0References3
Rows per page
Query Builder