Red Hat Ansible Automation Platform

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-57847
<= 2.6
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/pas
6.4 MEDIUM
CVE-2025-9909
< 2.6
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential
6.7 MEDIUM
CVE-2025-9908
< 2.6
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows a
6.7 MEDIUM
CVE-2025-9907
< 2.6
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allow
6.7 MEDIUM
CVE-2025-53862
all versions
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a
3.5 LOW
CVE-2025-53861
all versions
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (M
3.1 LOW
CVE-2024-10033
all versions
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw al
6.1 MEDIUM
CVE-2024-0690
all versions
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scen
5.0 MEDIUM
CVE-2023-50782
all versions
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS se
7.5 HIGH
CVE-2023-5115
all versions
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ans
6.3 MEDIUM
CVE-2023-5764
all versions
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe desi
7.1 HIGH
CVE-2023-5189
all versions
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that whe
6.3 MEDIUM
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5 HIGH
CVE-2023-4380
all versions
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are log
6.3 MEDIUM
CVE-2023-4237
all versions
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key di
7.3 HIGH
CVE-2023-3971
all versions
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials
7.3 HIGH
CVE-2022-3644
all versions
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read
5.5 MEDIUM
CVE-2022-3205
all versions
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susc
4.6 MEDIUM
CVE-2022-1632
all versions
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set
6.5 MEDIUM
CVE-2021-4112
all versions
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attack
8.8 HIGH
CVE-2022-2568
all versions
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'chang
6.5 MEDIUM
CVE-2021-3681
all versions
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that ar
5.5 MEDIUM
CVE-2021-3583
all versions
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts use
7.1 HIGH
CVE-2021-20228
all versions
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log fe
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin