Red Hat Ansible Automation Platform

Recent Red Hat Ansible Automation Platform Security Advisories

| Advisory | Title | Published |
|---|---|---|
| RHSA-2021:3874 | Important: Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release | October 15, 2021 |

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Ansible Automation Platform. Last year Ansible Automation Platform had 4 security vulnerabilities published. Right now, Ansible Automation Platform is on track to have fewer security vulnerabilities in 2022 than it did last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 4 | 5.65 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Ansible Automation Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Ansible Automation Platform Security Vulnerabilities

A flaw was found in Ansible, where a user's controller is vulnerable to template injection

CVE-2021-3583 7.1 - High - September 22, 2021

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.

Command Injection

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory

CVE-2021-3533 2.5 - Low - June 09, 2021

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

TOCTTOU

A flaw was found in Ansible where the secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory

CVE-2021-3532 5.5 - Medium - June 09, 2021

A flaw was found in Ansible where the secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Information Disclosure

A flaw was found in the Ansible Engine 2.9.18

CVE-2021-20228 7.5 - High - April 29, 2021

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Insufficiently Protected Credentials
