
CVSS: 9.0 • EPSS: 3% • CPEs: 1 • EXPL: 1

28 Aug 2023 — An issue in Ansible Semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. • https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2023 — api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. • https://github.com/ansible-semaphore/semaphore/commit/3e4a62b7f2b1ef0660c9fb839818a53c80a5a8b1 • CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jan 2023 — A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. • https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b • CWE-406: Insufficient Control of Network Message Volume (Network Amplification)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Oct 2020 — A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality. • https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43 • CWE-116: Improper Encoding or Escaping of Output • CWE-117: Improper Output Neutralization for Logs

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Sep 2017 — An exploitable vulnerability exists in the YAML loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into the vault to trigger this vulnerability. • http://www.securityfocus.com/bid/100824 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 10% • CPEs: 3 • EXPL: 2

12 Jan 2017 — Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. • https://packetstorm.news/files/id/140466 • CWE-20: Improper Input Validation

CVSS: 7.2 • EPSS: 4% • CPEs: 1 • EXPL: 5

04 Feb 2015 — Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. • https://www.exploit-db.com/exploits/35786 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 17% • CPEs: 1 • EXPL: 5

04 Feb 2015 — Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. • https://www.exploit-db.com/exploits/35786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 7% • CPEs: 1 • EXPL: 4

27 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. • https://www.exploit-db.com/exploits/35786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')