Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5758
HistoryOct 16, 2023 - 3:29 p.m.

(RHSA-2023:5758) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

2023-10-1615:29:02
access.redhat.com
29
red hat ansible automation platform
bug fix
enterprise framework
it automation
security update
subscription usage.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.3%

JSON

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

  • ansible-core: malicious role archive can cause ansible-galaxy to overwrite arbitrary files (CVE-2023-5115)
  • automation-controller: Django: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (CVE-2023-41164)
  • python3-django/python39-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional changes:

  • ansible-core has been updated to 2.15.5
  • automation-controller has been updated to 4.4.6
  • python3-django/python39-django has been updated to 3.2.22
  • automation controller: Added a new subscription usage page to the controller UI to view historical usage of licenses (AAP-16983)
OSVersionArchitecturePackageVersionFilename
RedHat9aarch64automation-controller< 4.4.6-1.el9apautomation-controller-4.4.6-1.el9ap.aarch64.rpm
RedHat8x86_64automation-controller< 4.4.6-1.el8apautomation-controller-4.4.6-1.el8ap.x86_64.rpm
RedHat9aarch64automation-controller-venv-tower< 4.4.6-1.el9apautomation-controller-venv-tower-4.4.6-1.el9ap.aarch64.rpm
RedHat8noarchautomation-controller-server< 4.4.6-1.el8apautomation-controller-server-4.4.6-1.el8ap.noarch.rpm
RedHat9noarchautomation-controller-cli< 4.4.6-1.el9apautomation-controller-cli-4.4.6-1.el9ap.noarch.rpm
RedHat9s390xautomation-controller< 4.4.6-1.el9apautomation-controller-4.4.6-1.el9ap.s390x.rpm
RedHat9noarchautomation-controller-ui< 4.4.6-1.el9apautomation-controller-ui-4.4.6-1.el9ap.noarch.rpm
RedHat8aarch64automation-controller-venv-tower< 4.4.6-1.el8apautomation-controller-venv-tower-4.4.6-1.el8ap.aarch64.rpm
RedHat8x86_64automation-controller-venv-tower< 4.4.6-1.el8apautomation-controller-venv-tower-4.4.6-1.el8ap.x86_64.rpm
RedHat9ppc64leautomation-controller< 4.4.6-1.el9apautomation-controller-4.4.6-1.el9ap.ppc64le.rpm
Rows per page:
1-10 of 281

Related

nessus 30
fedora 9
osv 21
ubuntu 3
openvas 20
redhat 7
redhatcve 3
freebsd 2
redos 1
veracode 4
cve 4
cvelist 4
debian 2
alpinelinux 3
prion 3
github 4
debiancve 4
ubuntucve 4
ibm 2
nvd 4
cbl_mariner 1
vulnrichment 1
hackerone 1
photon 3
nessus
nessus
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5758)
2024-04-28 00:00:00
Ubuntu 18.04 ESM : Django vulnerabilities (USN-6414-2)
2023-10-05 00:00:00
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5701)
2024-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python-django-4.2.6-1.fc39
2023-11-03 18:57:22
[SECURITY] Fedora 38 Update: python-asgiref-3.5.2-1.fc38
2023-10-15 01:44:29
[SECURITY] Fedora 37 Update: python-asgiref-3.5.2-1.fc37
2023-10-23 01:25:12
osv
osv
python-django vulnerabilities
2023-10-04 22:01:08
python-django vulnerability
2023-10-04 16:25:59
python310-Django-4.2.6-1.1 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2023-10-04 00:00:00
Django vulnerability
2023-10-04 00:00:00
Django vulnerability
2023-09-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6414-2)
2023-10-05 00:00:00
Fedora: Security Advisory (FEDORA-2023-a67af7d8f4)
2023-11-05 00:00:00
Fedora: Security Advisory for python-asgiref (FEDORA-2023-cc023fabb7)
2023-10-16 00:00:00
redhat
redhat
(RHSA-2023:5701) Moderate: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update
2023-10-16 00:58:47
(RHSA-2023:5208) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2023-09-18 18:04:43
(RHSA-2023:6158) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2023-10-30 01:15:30
redhatcve
redhatcve
CVE-2023-43665
2023-10-04 19:54:23
CVE-2023-41164
2023-09-05 15:35:56
CVE-2023-5115
2023-09-21 19:54:54
freebsd
freebsd
Django -- multiple vulnerabilities
2023-10-01 00:00:00
Django -- multiple vulnerabilities
2023-09-01 00:00:00
redos
redos
ROS-20231030-02
2023-10-30 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-10-30 06:23:22
Denial Of Service (DoS)
2023-09-05 05:18:03
Path Traversal
2023-10-16 08:45:08
cve
cve
CVE-2023-41164
2023-11-03 05:15:29
CVE-2023-5115
2023-12-18 14:15:10
CVE-2023-43665
2023-11-03 05:15:30
cvelist
cvelist
CVE-2023-41164
2023-11-03 00:00:00
CVE-2023-5115 Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
2023-12-18 13:43:07
CVE-2023-43665
2023-11-03 00:00:00
debian
debian
[SECURITY] [DLA 3558-1] python-django security update
2023-09-08 01:00:21
[SECURITY] [DLA 3695-1] ansible security update
2023-12-28 17:44:01
alpinelinux
alpinelinux
CVE-2023-41164
2023-11-03 05:15:29
CVE-2023-43665
2023-11-03 05:15:30
CVE-2024-27351
2024-03-15 20:15:09
prion
prion
Design/Logic Flaw
2023-11-03 05:15:00
Path traversal
2023-12-18 14:15:00
Hardcoded credentials
2023-11-03 05:15:00
github
github
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
2023-11-03 06:36:29
Ansible symlink attack vulnerability
2023-12-28 21:30:37
Django Denial-of-service in django.utils.text.Truncator
2023-11-03 06:36:30
debiancve
debiancve
CVE-2023-41164
2023-11-03 05:15:29
CVE-2023-5115
2023-12-18 14:15:10
CVE-2023-43665
2023-11-03 05:15:30
ubuntucve
ubuntucve
CVE-2023-5115
2023-12-18 00:00:00
CVE-2023-41164
2023-09-04 00:00:00
CVE-2023-43665
2023-10-04 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Ansible - CVE-2023-5115
2024-03-28 11:50:19
Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.1 is affected but not considered vulnerable to multiple vulnerabilities
2023-12-26 21:14:16
nvd
nvd
CVE-2023-41164
2023-11-03 05:15:29
CVE-2023-5115
2023-12-18 14:15:10
CVE-2023-43665
2023-11-03 05:15:30
cbl_mariner
cbl_mariner
CVE-2023-5115 affecting package ansible for versions less than 2.17.0-1
2024-05-31 18:55:08
vulnrichment
vulnrichment
CVE-2024-27351
2024-03-15 00:00:00
hackerone
hackerone
Internet Bug Bounty: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
2024-03-05 10:53:54
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0547
2024-01-12 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0184
2024-01-04 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0717
2024-01-25 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

47.3%

JSON
Related for RHSA-2023:5758
nessus30fedora9osv21ubuntu3openvas20redhat7redhatcve3freebsd2redos1veracode4cve4cvelist4debian2alpinelinux3prion3github4debiancve4ubuntucve4ibm2nvd4cbl_mariner1vulnrichment1hackerone1photon3