cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"The serialize-javascript module does not adequately sanitize certain inputs, in particular JavaScript object types and regular expressions. An attacker can inject code that is executed in the browser when the serialized output is evaluated. This matters wherever serialized output is sent to web clients, leaving applications that rely on the package open to XSS.",Red Hat,"Red Hat Advanced Cluster Security 4.4,Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-10033,https://securityvulnerability.io/vulnerability/CVE-2024-10033,Aap-gateway: xss on aap-gateway,"A Cross-site Scripting (XSS) vulnerability was found in the gateway component of aap-gateway. A malicious user can abuse the ""?next="" parameter in a URL to redirect victims, inject script into the page, and steal sessions and data.",Red Hat,"Red Hat Ansible Automation Platform 2.5 For Rhel 8,Red Hat Ansible Automation Platform 2.5 For Rhel 9",6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-9979,https://securityvulnerability.io/vulnerability/CVE-2024-9979,Use-After-Free Vulnerability in PyO3 Could Lead to Memory Corruption or Crashes,"A flaw in PyO3 allows a use-after-free that can result in memory corruption or application crashes. The issue stems from unsound borrowing from weak Python references; it can be triggered deliberately by an attacker or surface as instability in applications that rely on the affected library. Developers using PyO3 should review their code for uses affected by this issue and move to a fixed version.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T14:01:54.309Z,0
CVE-2024-1657,https://securityvulnerability.io/vulnerability/CVE-2024-1657,Insecure WebSocket Connection in Ansible Rulebook EDA Server Exposes System Data,"A flaw was found in Ansible Automation Platform: an insecure WebSocket connection is used during installation from the Ansible rulebook EDA server. An attacker with access to any machine in the same CIDR block can use the WebSocket to download all rulebook data, exposing sensitive information and automation resources. Organizations using Ansible Automation Platform should secure the WebSocket configuration without delay.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak was found in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library, caused by improper handling of named return parameters during RSA context initialization. When an error occurs while initializing the context or setting its properties, the 'pkey' and 'ctx' pointers are never freed. An attacker can supply crafted inputs that repeatedly trigger this error path and exhaust the application's memory.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-03-21T12:16:38.790Z,0
CVE-2023-6681,https://securityvulnerability.io/vulnerability/CVE-2023-6681,JWCrypto Vulnerability Could Lead to Denial of Service and Password Brute-Force Attacks,"A vulnerability was found in JWCrypto. An attacker can cause a denial of service and can make password brute-force and dictionary attacks more resource-intensive. The flaw forces a large amount of computation, which is what produces the denial of service.",Red Hat,"Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7",5.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2024-02-12T14:04:45.113Z,0
CVE-2024-0690,https://securityvulnerability.io/vulnerability/CVE-2024-0690,An Information Disclosure Flaw in Ansible-Core Could Lead to Sensitive Data Exposure,"An information disclosure flaw was found in ansible-core: the ANSIBLE_NO_LOG configuration is not respected in some scenarios, so information is still included in the output of certain tasks, such as loop items. Depending on the task, this can include sensitive information such as decrypted secret values.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-06T12:00:28.505Z,0
CVE-2023-50782,https://securityvulnerability.io/vulnerability/CVE-2023-50782,Remote Decryption Vulnerability in TLS Servers Using RSA Key Exchanges,"A flaw was found in the python-cryptography package that may allow a remote attacker to decrypt captured messages in TLS sessions that use RSA key exchanges, exposing confidential or sensitive data. Users and administrators should evaluate their systems and apply the available updates.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Update Infrastructure 4 For Cloud Providers",7.5,HIGH,0.0015399999683722854,false,,false,false,false,,,false,false,,2024-02-05T20:45:49.705Z,0
CVE-2023-5115,https://securityvulnerability.io/vulnerability/CVE-2023-5115,Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files,"An absolute path traversal attack exists in the Ansible automation platform. An attacker can craft a malicious Ansible role and have the victim install and execute it; a symlink in the role archive can then be used to overwrite a file outside the extraction path.",Red Hat,"Red Hat Ansible Automation Platform 2.3 For Rhel 8,Red Hat Ansible Automation Platform 2.3 For Rhel 9,Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Ansible Automation Platform 1.2",6.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-12-18T14:15:00.000Z,0
CVE-2023-5764,https://securityvulnerability.io/vulnerability/CVE-2023-5764,Ansible: template injection,"A template injection flaw was found in Ansible that could allow an attacker to manipulate the internal templating operations of a user's controller. An attacker can craft a file that strips the 'unsafe' designation from template data, allowing malicious template code to be executed. Users should review the affected versions and apply the available updates.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-12T22:15:00.000Z,0
CVE-2023-5189,https://securityvulnerability.io/vulnerability/CVE-2023-5189,Hub: insecure galaxy-importer tarfile extraction,"A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker can craft a malicious tarball so that, when it is processed by the galaxy importer of Ansible Automation Hub, a symlink is dropped on disk and files are overwritten.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",6.5,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2023-11-14T23:15:00.000Z,0
CVE-2022-3248,https://securityvulnerability.io/vulnerability/CVE-2022-3248,"Openshift api admission checks does not enforce ""custom-host"" permissions","A flaw was found in the OpenShift API: admission checks do not enforce ""custom-host"" permissions. An attacker could use this to cross permission boundaries, because those permissions are never applied.",Red Hat,"Kubernetes,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Tower 3,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4",4.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2023-10-05T13:28:27.973Z,0
CVE-2023-3971,https://securityvulnerability.io/vulnerability/CVE-2023-3971,Controller: html injection in custom login info,"An HTML injection vulnerability exists in the user interface settings of the automation controller in Red Hat Ansible Automation Platform, allowing an attacker to inject HTML into the custom login information. This can be used to build a fake login page that captures user credentials, giving the attacker unauthorized access when users are tricked into entering their credentials there.",Red Hat,"Red Hat Ansible Automation Platform 2.3 For Rhel 8,Red Hat Ansible Automation Platform 2.3 For Rhel 9,Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.3,HIGH,0.0015200000489130616,false,,false,false,true,2023-10-20T18:11:22.000Z,true,false,false,,2023-10-04T15:15:00.000Z,0
CVE-2023-4237,https://securityvulnerability.io/vulnerability/CVE-2023-4237,Platform: ec2_key module prints out the private key directly to the standard output,"A flaw was found in Ansible Automation Platform: the ec2_key module writes the private key to standard output when it generates a new key pair. An attacker who can read the job output or log files obtains the private key, compromising the confidentiality and integrity of the affected systems. Users should review their logging practices and protect this output.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-04T15:15:00.000Z,0
CVE-2023-4380,https://securityvulnerability.io/vulnerability/CVE-2023-4380,Platform: token exposed at importing project,"A logic flaw exists in Ansible Automation Platform: whenever a private project is created with incorrect credentials, those credentials are logged in plaintext. An attacker who can read the log can retrieve the credentials, resulting in a loss of confidentiality, integrity, and availability.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",6.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-10-04T15:15:00.000Z,0
CVE-2022-3205,https://securityvulnerability.io/vulnerability/CVE-2022-3205,Controller: cross site scripting in automation controller ui,"Cross site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.",Red Hat,"Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2",4.6,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-09-13T19:19:46.000Z,0
CVE-2020-14332,https://securityvulnerability.io/vulnerability/CVE-2020-14332,Data Exposure Vulnerability in Ansible Engine Affecting Ansible Users,"A flaw was found in Ansible Engine in how sensitive information is handled when a task runs in check mode. When the module_args parameter is used, sensitive data may not be neutralized in the event data, allowing unauthorized users to read confidential data.",Red Hat,Ansible,5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-09-11T17:59:30.000Z,0
CVE-2020-14330,https://securityvulnerability.io/vulnerability/CVE-2020-14330,Improper Output Neutralization Vulnerability in Ansible's URI Module,"An improper output neutralization flaw was found in Ansible's URI module. An attacker who can read the logs or output generated during task execution can obtain keys used in other users' playbooks, compromising the confidentiality of that data.",Red Hat,Ansible,5,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2020-09-11T00:00:00.000Z,0
CVE-2020-10782,https://securityvulnerability.io/vulnerability/CVE-2020-10782,Sensitive Information Exposure in Ansible by Red Hat,"A flaw in Ansible Tower 3.7.0 exposes sensitive information such as tokens and secrets because the rsyslog configuration file is created with world-readable permissions, so unintended users on the host can read those secrets. Users should update to Ansible Tower 3.7.1, where the issue is fixed.",Red Hat,Ansible Tower,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-18T12:49:07.000Z,0
CVE-2020-10744,https://securityvulnerability.io/vulnerability/CVE-2020-10744,Insecure Temporary Directory Vulnerability in Ansible Engine and Tower,"The fix for insecure temporary directory handling when Ansible executes commands as a different user via the 'become' directive was incomplete. The directories are still not adequately secured, leaving a race condition, in particular on systems using Access Control Lists (ACLs) and Filesystem in Userspace (FUSE). Several versions of both Ansible Engine and Ansible Tower are affected, leaving systems exposed to unauthorized access.",Red Hat,Ansible,5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-05-15T13:44:33.000Z,0
CVE-2020-1746,https://securityvulnerability.io/vulnerability/CVE-2020-1746,Data Disclosure Vulnerability in Ansible Engine and Ansible Tower by Red Hat,"A flaw was found in Ansible Engine and Ansible Tower that can expose the LDAP bind password in standard output or log files. This occurs when a playbook task uses the 'bind_pw' parameter of the ldap_attr and ldap_entry community modules, compromising data confidentiality.",Red Hat,Ansible,5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-05-12T17:30:47.000Z,0
CVE-2020-10685,https://securityvulnerability.io/vulnerability/CVE-2020-10685,Vulnerability in Ansible Engine and Ansible Tower Affecting Decryption Process,"A flaw was found in Ansible Engine and Ansible Tower when modules are used to decrypt vault files: the decrypted temporary files are written to the /tmp directory and are not removed until the system reboots. On systems where /tmp is not a temporary filesystem such as tmpfs, the decrypted data remains readable after the run, so users should ensure it is removed immediately after use.",Red Hat,Ansible,5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T00:00:00.000Z,0
CVE-2020-10691,https://securityvulnerability.io/vulnerability/CVE-2020-10691,Archive Traversal Vulnerability in Ansible Engine by Red Hat,"An archive traversal flaw was found in all Ansible Engine 2.9.x versions prior to 2.9.7. When the 'ansible-galaxy collection install' command extracts a malicious .tar.gz collection file, file names are not sanitized while directories are created, so an attacker can overwrite any file on the system. Users should upgrade to version 2.9.7 or later.",Red Hat,Ansible,5.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-30T16:23:36.000Z,0
CVE-2020-1741,https://securityvulnerability.io/vulnerability/CVE-2020-1741,CORS Misconfiguration in OpenShift Container Platform by Red Hat,"A flaw was found in OpenShift Container Platform 3.11: the CORS allowed-origins configuration created during installation is overly permissive. This allows an attacker to man-in-the-middle the communication between a user's browser and the OpenShift console and to mount phishing attacks against the user, compromising data confidentiality.",Red Hat,Openshift-ansible,5.9,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2020-04-24T18:34:07.000Z,0
CVE-2019-14905,https://securityvulnerability.io/vulnerability/CVE-2019-14905,OS Command Injection Vulnerability in Ansible Engine by Red Hat,"A flaw was found in specific versions of Ansible Engine: the nxos_file_copy module allows the filename parameter to be manipulated, leading to OS command injection on NX-OS devices and compromising their confidentiality and integrity. Affected are the versions prior to their respective patched releases, so users should update.",Red Hat,Ansible,7.3,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2020-03-31T16:20:41.000Z,0
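The three archive-traversal rows above (CVE-2020-10691, CVE-2023-5115 and CVE-2023-5189) all come down to the same missing check before a collection or role tarball is unpacked: a member name, or a symlink/hardlink target, that resolves outside the extraction directory. The following is an added example written for this page; it is not code from Ansible, Automation Hub or Red Hat. The archives it inspects are constructed in memory, and the function names, the destination directory and the sample member names are assumptions.

```python
"""Auditing an Ansible collection/role tarball before extraction.

Added example; not code from Ansible, Automation Hub or Red Hat. The archives
are constructed test data and the destination is a fresh temporary directory.
"""
import io
import os
import posixpath
import tarfile
import tempfile


def _resolves_inside(dest, relative_path):
    """True if dest/relative_path, after normalisation, stays under dest."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, relative_path))
    return target == dest_real or target.startswith(dest_real + os.sep)


def audit_members(tar, dest):
    """Return (member name, reason) for every member that must not be extracted.

    Checks, in order: absolute names; '..' components or any name that resolves
    outside dest; link targets that escape dest; special files."""
    problems = []
    for m in tar.getmembers():
        name = m.name
        if posixpath.isabs(name):
            problems.append((name, "absolute path"))
            continue
        if ".." in posixpath.normpath(name).split("/") or not _resolves_inside(dest, name):
            problems.append((name, "escapes destination"))
            continue
        if m.issym() or m.islnk():
            # A symlink target is relative to the link's own directory; a
            # hardlink target is a name relative to the archive root.
            link_target = (posixpath.join(posixpath.dirname(name), m.linkname)
                           if m.issym() else m.linkname)
            if posixpath.isabs(m.linkname) or not _resolves_inside(dest, link_target):
                problems.append((name, "link target escapes destination"))
            continue
        if not (m.isfile() or m.isdir()):
            problems.append((name, "special file (device, FIFO, ...)"))
    return problems


def audit_archive(archive, dest):
    """Audit an in-memory .tar.gz without extracting anything."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return audit_members(tar, dest)


def safe_extract(archive, dest):
    """Extract into dest only if the audit is clean; return the member names.

    Where the interpreter provides tarfile.data_filter (Python 3.12 and the
    backports), it is applied too, so the stdlib enforces the same rules."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        problems = audit_members(tar, dest)
        if problems:
            raise ValueError("refusing to extract unsafe archive: %r" % problems)
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def build_archive(members):
    """Build a .tar.gz in memory from (name, kind, payload) tuples; kind is
    'file' (payload is the content) or 'symlink' (payload is the link target).
    Constructed test data, not a real collection."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed: the shapes a malicious collection/role archive takes.
MALICIOUS = build_archive([
    ("collection/galaxy.yml", "file", "name: demo\n"),
    ("../../.ssh/authorized_keys", "file", "ssh-ed25519 AAAA... attacker\n"),  # unsanitised name
    ("collection/escape", "symlink", "/etc"),                                  # symlink out of the tree
    ("/etc/cron.d/backdoor", "file", "* * * * * root id\n"),                  # absolute member name
])

# Constructed: a benign archive whose relative symlink stays inside the tree.
CLEAN = build_archive([
    ("collection/galaxy.yml", "file", "name: demo\n"),
    ("collection/plugins/README", "file", "ok\n"),
    ("collection/README", "symlink", "plugins/README"),
])


def demo():
    """Audit both archives and extract the clean one into a fresh temp dir."""
    dest = tempfile.mkdtemp(prefix="galaxy-audit-")
    rejected = sorted(name for name, _ in audit_archive(MALICIOUS, dest))
    extracted = sorted(safe_extract(CLEAN, dest))
    link_ok = os.path.islink(os.path.join(dest, "collection", "README"))
    return {"rejected": rejected, "extracted": extracted, "link_ok": link_ok}


if __name__ == "__main__":
    print(demo())
```

The audit runs over every member before anything is written, which matters for symlink chains: an archive that first drops a link pointing outside the tree and then writes a file through it passes a per-member check done during extraction, but not a check of the whole member list done up front.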
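The aap-gateway row (CVE-2024-10033) describes a post-login ?next= parameter that could be turned into a redirect and script injection. The validation such a parameter should pass, as an added example written for this page rather than aap-gateway's own code: the allow-listed hostname, the function names and the default target are assumptions.

```python
"""Validating a post-login ?next= parameter.

Added example, not aap-gateway code. Accepts only same-site paths or
allow-listed https URLs; everything else falls back to DEFAULT_TARGET.
"""
import html
from urllib.parse import urlsplit

# Hostnames the application is willing to redirect to (assumed for the example).
ALLOWED_HOSTS = {"gateway.example.test"}
DEFAULT_TARGET = "/"


def safe_redirect_target(next_value, allowed_hosts=ALLOWED_HOSTS, require_https=True):
    """Return next_value if it is a same-site path or an allow-listed absolute
    URL, otherwise DEFAULT_TARGET. Nothing a browser would read as another
    origin or as script gets through."""
    if not next_value or not isinstance(next_value, str):
        return DEFAULT_TARGET
    # Browsers normalise control characters and backslashes in ways urlsplit
    # does not ("/\evil" is treated as "//evil"), so reject them outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in next_value) or "\\" in next_value:
        return DEFAULT_TARGET
    parts = urlsplit(next_value)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: exactly one leading slash, so "//host" and
        # "///host" (network-path references) are refused.
        if next_value.startswith("/") and not next_value.startswith("//"):
            return next_value
        return DEFAULT_TARGET
    # Absolute URL: http(s) only, https if required, host on the allow-list,
    # and no userinfo ("https://trusted@evil" style confusion).
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    if require_https and parts.scheme != "https":
        return DEFAULT_TARGET
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return DEFAULT_TARGET
    if parts.username or parts.password:
        return DEFAULT_TARGET
    return next_value


def next_for_html(next_value):
    """The validated target, escaped for use inside an HTML attribute such as
    the login form's action or a hidden input; covers the XSS half of the bug."""
    return html.escape(safe_redirect_target(next_value), quote=True)


if __name__ == "__main__":
    for candidate in ["/dashboard?x=1", "//evil.example/", "javascript:alert(1)",
                      "https://gateway.example.test/home", '/a"onmouseover="x']:
        print(repr(candidate), "->", safe_redirect_target(candidate), "|", next_for_html(candidate))
```

The server should apply the same function in both places the value is used: when it issues the Location header after login, and when it echoes the value into the login page. Validating in one place and not the other is exactly how a redirect parameter ends up as an XSS sink.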