ansible 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and vendor risk input validation などに関し、一部は vendor impact unexpected behavior を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2016-9587 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | [email protected] | 8.1 | 17.87% | 2018-04-24 | 2024-11-21 |
| CVE-2015-1482 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. | [email protected] | 5.0 | 8.54% | 2015-02-04 | 2026-05-06 |
| CVE-2015-1481 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. | [email protected] | 6.5 | 6.14% | 2015-02-04 | 2026-05-06 |
| CVE-2015-1368 | Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. | [email protected] | 4.3 | 5.15% | 2015-01-27 | 2026-05-06 |