IT Business Management

In Ansible Lightspeed all the versions a medium severity vulnerability CVE-2026-44188 was detected. This vulnerability allows a remote attacker to hijack a session and gain unauthorized read access to sensitive Ansible resources, such as inventories, playbooks, and configuration data. This occurs due to insufficient session expiration logic. If an attacker exfiltrates a valid OAuth access token before a user logs out, they can maintain persistent access because the backend application fails to properly invalidate the token upon logout, leaving it active until its natural expiration. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-44188.

In Ansible versions before 1.6.6 a medium severity vulnerability CVE-2014-3498 was detected. This vulnerability allows remote authenticated users to execute arbitrary commands due to a flaw in the user module. To address this issue, users should upgrade Ansible to version 1.6.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-3498.

In Ansible versions before 1.9.2 a high severity vulnerability CVE-2015-6240 was detected. This vulnerability allows local users to escape a restricted environment (such as a chroot, jail, or zone) via a symlink attack targeting the chroot, jail, and zone connection plugins. To address this issue, users should upgrade Ansible to version 1.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-6240.

In Ansible versions 2.3.x before 2.3.3 and 2.4.x before 2.4.1 a medium severity vulnerability CVE-2017-7550 was detected. This vulnerability allows remote attackers to expose sensitive information, such as passwords, from a remote host’s logs due to a flaw in how parameters are passed to the jenkins_plugin module’s “params” argument. To address this issue, users should upgrade Ansible to versions 2.3.3 or 2.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7550.

In Foreman versions since 1.5 a medium severity vulnerability CVE-2017-7505 was detected. This vulnerability allows users with user management permissions assigned to specific organizations to perform unauthorized operations on all administrator user objects outside of their scope, such as editing global admin accounts and changing their passwords, due to an incorrect authorization check. To address this issue, users should upgrade Foreman to version 1.15.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-7505.

In Foreman versions before 1.12.2 a medium severity vulnerability CVE-2016-6319 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the label parameter in app/helpers/form_helper.rb, as used by Remote Execution and possibly other plugins. To address this issue, users should upgrade Foreman to version 1.12.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2016-6319.

In Foreman versions before 1.2.3 a high severity vulnerability CVE-2013-4386 was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the fqdn or hostgroup parameters. To address this issue, users should upgrade Foreman to version 1.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-4386.

In Foreman versions 1.22.0 and higher a high severity vulnerability CVE-2025-9572 was detected. This vulnerability allows low-privileged users to bypass access controls in the GraphQL API, enabling them to access metadata beyond their assigned permissions and potentially leading to unauthorized information disclosure. To address this issue, users should upgrade Foreman to versions 3.16.2 or 3.17.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9572.

In Combodo iTop versions prior to 2.7.13 and 3.2.2 a high severity vulnerability CVE-2025-47932 was detected. This vulnerability allows cross-site scripting (XSS) attacks when a dashboard is rendered via an AJAX call, due to unsanitized input. To fix this vulnerability, users should upgrade to iTop versions 2.7.13 or 3.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47932.