CPE-DC61AF4A-DFC8-406F-BA9D-065D8F5FF2D6 Detail

CPE Details

Red Hat Ansible Automation Platform 1.2

Vendor

redhat

Product

ansible_automation_platform

Version

1.2

Created

2021-05-01
00h22 +00:00

Modified

2021-08-05
13h14 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:ansible_automation_platform:1.2:::::::*

Informations

Vendor

redhat

Product

ansible_automation_platform

Version

1.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-5115	2023-12-18 13h43 +00:00	An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.	6.3	Medium
CVE-2022-3205	2022-09-13 17h19 +00:00	Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection	6.1	Medium
CVE-2021-3681	2022-04-18 14h20 +00:00	A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.	5.5	Medium
CVE-2021-3583	2021-09-21 22h00 +00:00	A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.	7.1	High
CVE-2021-20228	2021-04-29 13h34 +00:00	A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.	7.5	High

Red Hat Ansible Automation Platform 1.2

CPE Details

CPE Name: cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:ansible_automation_platform:1.2:::::::*