CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49520 – Event-driven-ansible: authenticated argument injection in git url in eda project creation
https://notcve.org/view.php?id=CVE-2025-49520
30 Jun 2025 — A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access. • https://access.redhat.com/errata/RHSA-2025:9986 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-49521 – Event-driven-ansible: template injection via git branch and refspec in eda projects
https://notcve.org/view.php?id=CVE-2025-49521
30 Jun 2025 — A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft. • https://access.redhat.com/errata/RHSA-2025:9986 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2025-3576 – Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
https://notcve.org/view.php?id=CVE-2025-3576
15 Apr 2025 — A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. It was discovered that Kerberos allowed the usage of weak cryptographic standards. An attacker could possibly use this issue to expose sensitive information. • https://access.redhat.com/security/cve/CVE-2025-3576 • CWE-328: Use of Weak Hash •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2877 – Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
https://notcve.org/view.php?id=CVE-2025-2877
28 Mar 2025 — A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include an information leakage vulnerability. • https://access.redhat.com/security/cve/CVE-2025-2877 • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1801 – Aap-gateway: aap-gateway privilege escalation
https://notcve.org/view.php?id=CVE-2025-1801
03 Mar 2025 — A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable. An update is now available for Red Hat Ansible Automation Platform 2.5. • https://access.redhat.com/errata/RHSA-2025:1954 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2024-11831 – Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
https://notcve.org/view.php?id=CVE-2024-11831
10 Feb 2025 — A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web applicatio... • https://access.redhat.com/security/cve/CVE-2024-11831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53907 – django: Potential denial-of-service in django.utils.html.strip_tags()
https://notcve.org/view.php?id=CVE-2024-53907
05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. A vulnerability was found in the Django Web Framework. The strip_tags() and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities. jiang... • https://docs.djangoproject.com/en/dev/releases/security • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1169: SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53908 – django: Potential SQL injection in HasKey(lhs, rhs) on Oracle
https://notcve.org/view.php?id=CVE-2024-53908
05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) A vulnerability was found in the Django Web Framework. The direct usage of django.db.models.fields.json.HasKey may be vulnerable to SQL injection if untrusted data is used to... • https://docs.djangoproject.com/en/dev/releases/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11483 – Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
https://notcve.org/view.php?id=CVE-2024-11483
25 Nov 2024 — A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services. • https://access.redhat.com/security/cve/CVE-2024-11483 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
11 Nov 2024 — A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. An update is now available for Red Hat Ansible Automation Platform Execution Environments. Issues addressed include a bypass vulnerability. • https://access.redhat.com/security/cve/CVE-2024-11079 • CWE-20: Improper Input Validation •