ansible-rulebook@1.1.2 vulnerabilities

Event driven automation for Ansible

Direct Vulnerabilities

Known vulnerabilities in the ansible-rulebook package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Improper Restriction of Communication Channel to Intended Endpoints

ansible-rulebook is an Event driven automation for Ansible

Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to the use of an insecure WebSocket connection during installation from the EDA server. An attacker with access to any machine within the CIDR block could exploit this to download all rulebook data from the WebSocket, leading to a compromise of both the confidentiality and integrity of the system.

How to fix Improper Restriction of Communication Channel to Intended Endpoints?

There is no fixed version for ansible-rulebook.

[0,)