Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ansible_automation_platform_early_access by redhat

    CVE-2021-4112 (GCVE-0-2021-4112)

    Vulnerability from nvd – Published: 2022-08-25 19:35 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ansible-tower Affected: Fixed in ansible-tower 3.8.5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible-tower",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in ansible-tower 3.8.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 - Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-25T19:35:45.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4112"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4112",
        "datePublished": "2022-08-25T19:35:45.000Z",
        "dateReserved": "2021-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3620 (GCVE-0-2021-3620)

    Vulnerability from nvd – Published: 2022-03-03 18:23 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    n/a ansible Affected: Fixed in Ansible Engine v2.9.27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:07.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3620",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:25.955830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:13:51.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in Ansible Engine v2.9.27"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible Engine\u0027s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 - Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:06:30.310Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-3620",
        "datePublished": "2022-03-03T18:23:38.000Z",
        "dateReserved": "2021-06-24T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:25.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4112 (GCVE-0-2021-4112)

    Vulnerability from cvelistv5 – Published: 2022-08-25 19:35 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ansible-tower Affected: Fixed in ansible-tower 3.8.5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible-tower",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in ansible-tower 3.8.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 - Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-25T19:35:45.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4112"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4112",
        "datePublished": "2022-08-25T19:35:45.000Z",
        "dateReserved": "2021-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3620 (GCVE-0-2021-3620)

    Vulnerability from cvelistv5 – Published: 2022-03-03 18:23 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    n/a ansible Affected: Fixed in Ansible Engine v2.9.27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:07.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3620",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:25.955830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:13:51.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ansible",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in Ansible Engine v2.9.27"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible Engine\u0027s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 - Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-28T19:06:30.310Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-3620",
        "datePublished": "2022-03-03T18:23:38.000Z",
        "dateReserved": "2021-06-24T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:25.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }