cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1657,https://securityvulnerability.io/vulnerability/CVE-2024-1657,Insecure WebSocket Connection in Ansible Rulebook EDA Server Exposes System Data,"A vulnerability has been identified in the Ansible Automation Platform where an insecure WebSocket connection is utilized during the installation process from the Ansible rulebook EDA server. This security flaw allows an attacker with access to any machine within the same CIDR block to exploit the WebSocket, potentially leading to unauthorized downloading of all rulebook data. As a result, this vulnerability poses significant risks to the confidentiality and integrity of the system, enabling sensitive data exposures and unauthorized access to critical automation resources. Organizations using Ansible Automation Platform are advised to take immediate action to secure their WebSocket configurations and mitigate potential risks.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak flaw has been identified in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library. This issue arises from improper handling of named return parameters, specifically within the RSA library's context initialization process. When errors occur during context initialization or property settings, the related pointers, namely 'pkey' and 'ctx', are left unfreed, leading to a potential resource exhaustion vulnerability. Attackers can exploit this flaw through crafted inputs, causing the application to exhaust memory resources.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-03-21T12:16:38.790Z,0
CVE-2024-0690,https://securityvulnerability.io/vulnerability/CVE-2024-0690,An Information Disclosure Flaw in Ansible-Core Could Lead to Sensitive Data Exposure,"An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.",Red Hat,",Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9",5.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-06T12:00:28.505Z,0
CVE-2023-5115,https://securityvulnerability.io/vulnerability/CVE-2023-5115,Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files,An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.,Red Hat,"Red Hat Ansible Automation Platform 2.3 For Rhel 8,Red Hat Ansible Automation Platform 2.3 For Rhel 9,Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Ansible Automation Platform 1.2",6.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-12-18T14:15:00.000Z,0
CVE-2023-5764,https://securityvulnerability.io/vulnerability/CVE-2023-5764,Ansible: template injection,"A template injection flaw exists in Ansible that could potentially allow an attacker to manipulate the internal templating operations of a user's controller. Specifically, this vulnerability may enable an attacker to craft a file that strips the 'unsafe' designation from template data, thus permitting malicious template code to be executed. It is crucial for users to review the affected versions and apply the necessary updates to safeguard their systems from potential exploitation.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-12T22:15:00.000Z,0
CVE-2023-5189,https://securityvulnerability.io/vulnerability/CVE-2023-5189,Hub: insecure galaxy-importer tarfile extraction,"A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",6.5,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-11-14T23:15:00.000Z,0
CVE-2023-3971,https://securityvulnerability.io/vulnerability/CVE-2023-3971,Controller: html injection in custom login info,"An HTML injection vulnerability exists in the user interface settings of Red Hat Controller, which allows attackers to inject malicious HTML code. This can lead to the creation of custom login pages designed to capture user credentials. As a result, attackers may gain unauthorized access to sensitive information by tricking users into entering their credentials on these fraudulent pages.",Red Hat,"Red Hat Ansible Automation Platform 2.3 For Rhel 8,Red Hat Ansible Automation Platform 2.3 For Rhel 9,Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.3,HIGH,0.0015200000489130616,false,,false,false,true,2023-10-20T18:11:22.000Z,true,false,false,,2023-10-04T15:15:00.000Z,0
CVE-2023-4380,https://securityvulnerability.io/vulnerability/CVE-2023-4380,Platform: token exposed at importing project,"A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",6.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-10-04T15:15:00.000Z,0
CVE-2023-4237,https://securityvulnerability.io/vulnerability/CVE-2023-4237,Platform: ec2_key module prints out the private key directly to the standard output,"A vulnerability exists within the Ansible Automation Platform that causes the ec2_key module to expose private keys to standard output when generating new keypairs. This flaw can lead to unauthorized access if attackers can access log files, thus compromising the confidentiality and integrity of the system. Users of the Ansible Automation Platform should review their logging practices and ensure proper security measures are taken to protect sensitive information.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9",7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-04T15:15:00.000Z,0