Redhat Ansible Automation Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Ansible Automation Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2021-4112 — CVSS 8.8 (high): A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to…
CVE-2021-20228 — CVSS 7.5 (high): A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature…
CVE-2023-50782 — CVSS 7.5 (high): A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers…
CVE-2023-3971 — CVSS 7.3 (high): An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by…
CVE-2023-4237 — CVSS 7.3 (high): A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to…
CVE-2023-5764 — CVSS 7.1 (high): A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation…
CVE-2021-3583 — CVSS 7.1 (high): A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the…
CVE-2025-9907 — CVSS 6.7 (medium): A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows…
CVE-2025-9909 — CVSS 6.7 (medium): A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft…
CVE-2025-9908 — CVSS 6.7 (medium): A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an…
CVE-2022-1632 — CVSS 6.5 (medium): An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the…
CVE-2022-2568 — CVSS 6.5 (medium): A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user'…
CVE-2025-57847 — CVSS 6.4 (medium): A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file…
CVE-2023-5115 — CVSS 6.3 (medium): An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role…
CVE-2023-5189 — CVSS 6.3 (medium): A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using…
CVE-2023-4380 — CVSS 6.3 (medium): A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in…
CVE-2024-10033 — CVSS 6.1 (medium): A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a…
CVE-2022-3644 — CVSS 5.5 (medium): The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write…
CVE-2021-3681 — CVSS 5.5 (medium): A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not…
CVE-2024-0690 — CVSS 5.0 (medium): An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios…
CVE-2022-3205 — CVSS 4.6 (medium): Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible…
CVE-2025-53862 — CVSS 3.5 (low): A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious…
CVE-2025-53861 — CVSS 3.1 (low): A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and…