Ansible Automation Platform
by Red Hat
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4380 | 0.00 | — | 0.01 | Oct 4, 2023 | A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and… | |||
| CVE-2023-4237 | 0.00 | — | 0.00 | Oct 4, 2023 | A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality,… | |||
| CVE-2022-3205 | 0.00 | — | 0.00 | Sep 13, 2022 | Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | |||
| CVE-2021-3447 | 0.00 | — | 0.00 | Apr 1, 2021 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the… |
- CVE-2023-4380Oct 4, 2023risk 0.00cvss —epss 0.01
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and…
- CVE-2023-4237Oct 4, 2023risk 0.00cvss —epss 0.00
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality,…
- CVE-2022-3205Sep 13, 2022risk 0.00cvss —epss 0.00
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
- CVE-2021-3447Apr 1, 2021risk 0.00cvss —epss 0.00
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the…
Page 2 of 2