Redhat Ansible Automation Platform 2.0

9 matches found

Added 2023/10/10 2:15 p.m., 4413 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 7.5 | AI score 8 | EPSS 0.94434

Added 2024/02/05 9:15 p.m., 395 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVSS 7.5 | AI score 7.2 | EPSS 0.00726

Added 2023/11/14 11:15 p.m., 153 views

CVE-2023-5189

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

CVSS 6.5 | AI score 6.2 | EPSS 0.00424

Added 2022/10/25 6:15 p.m., 146 views

CVE-2022-3644

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

CVSS 5.5 | AI score 5.8 | EPSS 0.00032

Added 2023/10/04 3:15 p.m., 120 views

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabilit...

CVSS 7.8 | AI score 6.9 | EPSS 0.00072

Added 2022/09/01 9:15 p.m., 82 views

CVE-2022-1632

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confid...

CVSS 6.5 | AI score 6.3 | EPSS 0.00129

Added 2022/08/25 8:15 p.m., 76 views

CVE-2021-4112

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

CVSS 8.8 | AI score 8.2 | EPSS 0.00036

Added 2022/09/13 8:15 p.m., 64 views

CVE-2022-3205

Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.

CVSS 6.1 | AI score 5.5 | EPSS 0.00391

Added 2022/08/18 8:15 p.m., 61 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.

CVSS 6.5 | AI score 6.3 | EPSS 0.00095