CVE Vulnerability


ansible_automation_platform

CVE-2021-3681

February 23, 2023 by

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the “build_ignore” list in “galaxy.yml” are included in the “.tar.gz” file. The included files may contain sensitive info, such as the user’s Ansible Galaxy API key and any secrets in “ansible” or “ansible-playbook” verbose output without the “no_log” redaction. Currently, there is no way to deprecate a Collection or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.

CVE-2022-3644

February 23, 2023 by godfreyd94

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp’s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

CVE-2022-3205

February 23, 2023 by godfreyd94

Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.

CVE-2022-2568

February 23, 2023 by godfreyd94

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with ‘change user’ permissions to modify the account settings of the superuser account and also remove the superuser privileges.

CVE-2022-1632

February 23, 2023 by

An Improper Certificate Validation attack was found in OpenShift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.

Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE