Vendor CVEs
Ansible
All CVEs
35 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12148 | | High | 0.55 | 8.4 | 0.02 | | Jul 27, 2018 | A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a… |
| CVE-2025-1801 | | High | 0.53 | 8.1 | 0.00 | | Mar 3, 2025 | A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged… |
| CVE-2016-7070 | | High | 0.52 | 8.0 | 0.01 | | Sep 11, 2018 | A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. |
| CVE-2026-12398 | | High | 0.49 | 7.5 | 0.01 | | Jun 16, 2026 | A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who… |
| CVE-2026-11837 | | High | 0.47 | 7.3 | 0.00 | | Jun 10, 2026 | A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage… |
| CVE-2026-11332 | | High | 0.44 | 7.8 | 0.00 | | Jun 5, 2026 | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags… |
| CVE-2026-11820 | | Moderate | 0.42 | 6.5 | 0.00 | | Jun 15, 2026 | community.general nexmo — API credentials exposed in GET URL query string |
| CVE-2025-2877 | | Medium | 0.42 | 6.5 | 0.00 | | Mar 28, 2025 | A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also… |
| CVE-2025-5988 | | Medium | 0.34 | 5.3 | 0.00 | | Aug 4, 2025 | A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. |
| CVE-2024-9620 | | Medium | 0.34 | 5.3 | 0.00 | | Oct 8, 2024 | A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An… |
| CVE-2025-7738 | | Medium | 0.29 | 4.4 | 0.00 | | Jul 31, 2025 | A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited… |
| CVE-2024-11483 | | Medium | 0.26 | 5.0 | 0.01 | | Nov 25, 2024 | A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2… |
| CVE-2015-1482 | | | 0.04 | — | 0.09 | | Feb 4, 2015 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. |
| CVE-2015-1481 | | | 0.03 | — | 0.06 | | Feb 4, 2015 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. |
| CVE-2015-1368 | | | 0.03 | — | 0.05 | | Jan 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in… |
| CVE-2021-20139 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20138 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router's web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20137 | | | 0.01 | — | 0.03 | | Dec 9, 2021 | A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker… |
| CVE-2021-20142 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20141 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20140 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20144 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2021-20143 | | | 0.01 | — | 0.04 | | Dec 9, 2021 | An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted… |
| CVE-2022-2568 | | | 0.00 | — | 0.01 | | Aug 18, 2022 | A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. |
| CVE-2021-20145 | | | 0.00 | — | 0.01 | | Dec 9, 2021 | Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make… |
| CVE-2020-14329 | | | 0.00 | — | 0.00 | | May 27, 2021 | A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose… |
| CVE-2020-14328 | | | 0.00 | — | 0.00 | | May 27, 2021 | A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving… |
| CVE-2020-14327 | | | 0.00 | — | 0.00 | | May 27, 2021 | A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or… |
| CVE-2020-10709 | | | 0.00 | — | 0.00 | | May 27, 2021 | A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user… |
| CVE-2020-10698 | | | 0.00 | — | 0.00 | | May 27, 2021 | A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by… |
| CVE-2020-10697 | | | 0.00 | — | 0.00 | | May 27, 2021 | A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in… |
| CVE-2020-25646 | | | 0.00 | — | 0.01 | | Oct 29, 2020 | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality. |
| CVE-2019-17445 | | | 0.00 | — | 0.00 | | Nov 22, 2019 | An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. |
| CVE-2019-3869 | | | 0.00 | — | 0.01 | | Mar 28, 2019 | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. |
| CVE-2018-16879 | | | 0.00 | — | 0.01 | | Jan 3, 2019 | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service… |