VYPR

Ansible

All CVEs

35 total · sorted by risk
  • CVE-2017-12148 · High · Jul 27, 2018
    risk 0.55 · cvss 8.4 · epss 0.02

    A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a…

  • CVE-2025-1801 · High · Mar 3, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged…

  • CVE-2016-7070 · High · Sep 11, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

  • CVE-2026-12398 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who…

  • CVE-2026-11837 · High · Jun 10, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage…

  • CVE-2026-11332 · High · Jun 5, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags…

  • CVE-2026-11820 · Moderate · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    community.general: nexmo — API credentials exposed in GET URL query string

  • CVE-2025-2877 · Medium · Mar 28, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also…

  • CVE-2025-5988 · Medium · Aug 4, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.

  • CVE-2024-9620 · Medium · Oct 8, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An…

  • CVE-2025-7738 · Medium · Jul 31, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited…

  • CVE-2024-11483 · Medium · Nov 25, 2024
    risk 0.26 · cvss 5.0 · epss 0.01

    A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2…

  • CVE-2015-1482 · Feb 4, 2015
    risk 0.04 · cvss n/a · epss 0.09

    Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.

  • CVE-2015-1481 · Feb 4, 2015
    risk 0.03 · cvss n/a · epss 0.06

    Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.

  • CVE-2015-1368 · Jan 27, 2015
    risk 0.03 · cvss n/a · epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in…

  • CVE-2021-20139 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20138 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20137 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.03

    A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker…

  • CVE-2021-20142 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20141 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20140 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20144 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2021-20143 · Dec 9, 2021
    risk 0.01 · cvss n/a · epss 0.04

    An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted…

  • CVE-2022-2568 · Aug 18, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.

  • CVE-2021-20145 · Dec 9, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make…

  • CVE-2020-14329 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose…

  • CVE-2020-14328 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving…

  • CVE-2020-14327 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or…

  • CVE-2020-10709 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user…

  • CVE-2020-10698 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by…

  • CVE-2020-10697 · May 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in…

  • CVE-2020-25646 · Oct 29, 2020
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality.

  • CVE-2019-17445 · Nov 22, 2019
    risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.

  • CVE-2019-3869 · Mar 28, 2019
    risk 0.00 · cvss n/a · epss 0.01

    When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.

  • CVE-2018-16879 · Jan 3, 2019
    risk 0.00 · cvss n/a · epss 0.01

    Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service…