CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 1CVE-2023-39059
https://notcve.org/view.php?id=CVE-2023-39059
28 Aug 2023 — An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. • https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28609
https://notcve.org/view.php?id=CVE-2023-28609
18 Mar 2023 — api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. • https://github.com/ansible-semaphore/semaphore/commit/3e4a62b7f2b1ef0660c9fb839818a53c80a5a8b1 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125036 – drybjed ansible-ntp main.yml amplification
https://notcve.org/view.php?id=CVE-2014-125036
02 Jan 2023 — A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. • https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-2809
https://notcve.org/view.php?id=CVE-2017-2809
14 Sep 2017 — An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. Existe una vulnerabilidad explotable en la funcionalidad de carga de archivos yaml de ansible-vault en versiones anteriores a la 1.0.5. Una bóveda (vault) especialmente manipulada puede ejecutar comandos python arbitrarios. • http://www.securityfocus.com/bid/100824 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 10%CPEs: 3EXPL: 2CVE-2016-9587 – Ansible 2.1.4/2.2.1 - Command Execution
https://notcve.org/view.php?id=CVE-2016-9587
12 Jan 2017 — Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Ansible, en versiones anteriores a la 2.1.4 y la 2.2.1, es vulnerable a una validación de entradas incorrecta en la gestión de Ansible de da... • https://packetstorm.news/files/id/140466 • CWE-20: Improper Input Validation •