Unencrypted HTTP API Endpoints
Ansible uri tasks are configured to communicate with HTTP endpoints instead of HTTPS, transmitting requests without encryption and exposing data to network interception and tampering.
Ansible uri tasks configured with HTTP URLs transmit requests without TLS encryption, enabling attackers to intercept, read, and modify data in transit through man-in-the-middle attacks. This vulnerability exposes sensitive data, API keys, authentication tokens, and application data transmitted to web services, allowing attackers to capture credentials, inject malicious responses, and compromise downstream systems.
```yaml
# VULNERABLE: Ansible uri tasks with insecure HTTP
- name: Make insecure API calls
  hosts: all
  tasks:
    # VULNERABLE: HTTP URL without encryption
    - name: Get user data over HTTP
      ansible.builtin.uri:
        url: "http://api.example.com/users/{{ user_id }}"  # VULNERABLE: HTTP
        method: GET
        headers:
          Authorization: "Bearer {{ api_token }}"  # VULNERABLE: Token sent unencrypted
        return_content: yes
      register: user_data

    # VULNERABLE: POST sensitive data over HTTP
    - name: Submit sensitive configuration
      ansible.builtin.uri:
        url: "http://config.example.com/api/settings"  # VULNERABLE: HTTP
        method: POST
        body_format: json
        body:
          database_password: "{{ db_password }}"  # VULNERABLE: Password in clear
          api_key: "{{ secret_key }}"
        headers:
          Content-Type: "application/json"

    # VULNERABLE: HTTPS with disabled validation
    - name: Bypass certificate validation
      ansible.builtin.uri:
        url: "https://internal.example.com/api/data"
        method: GET
        validate_certs: no  # VULNERABLE: Disables certificate validation

    # VULNERABLE: HTTP for file downloads
    - name: Download configuration file
      ansible.builtin.uri:
        url: "http://files.example.com/config.yml"  # VULNERABLE: HTTP download
        dest: "/etc/app/config.yml"

    # VULNERABLE: Mixed HTTP/HTTPS usage
    - name: Health check over HTTP
      ansible.builtin.uri:
        url: "http://{{ inventory_hostname }}:8080/health"  # VULNERABLE: HTTP
        method: GET
```

```yaml
# SECURE: Ansible uri configuration with HTTPS and certificate validation
- name: Make secure API calls
  hosts: all
  tasks:
    # SECURE: Use HTTPS instead of HTTP
    - name: Get user data securely
      ansible.builtin.uri:
        url: "https://api.example.com/users/{{ user_id }}"  # SECURE: HTTPS
        method: GET
        validate_certs: yes  # SECURE: Validate certificates
        headers:
          Authorization: "Bearer {{ api_token }}"
        return_content: yes
      register: user_data

    # SECURE: POST with HTTPS
    - name: Submit configuration securely
      ansible.builtin.uri:
        url: "https://config.example.com/api/settings"  # SECURE: HTTPS
        method: POST
        validate_certs: yes  # SECURE: Certificate validation enabled
        body_format: json
        body:
          database_password: "{{ db_password }}"
          api_key: "{{ secret_key }}"
        headers:
          Content-Type: "application/json"

    # SECURE: HTTPS with certificate validation (not disabled)
    - name: Access internal API securely
      ansible.builtin.uri:
        url: "https://internal.example.com/api/data"
        method: GET
        validate_certs: yes  # SECURE: Validate certificates

    # SECURE: File download with HTTPS
    - name: Download configuration file securely
      ansible.builtin.uri:
        url: "https://files.example.com/config.yml"  # SECURE: HTTPS
        method: GET
        validate_certs: yes
        dest: "/etc/app/config.yml"

    # SECURE: Health check with HTTPS
    - name: Secure health check
      ansible.builtin.uri:
        url: "https://{{ inventory_hostname }}:8443/health"  # SECURE: HTTPS
        method: GET
        validate_certs: yes
```
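As an added example (not part of the Sourcery rule or its implementation), a small Python checker that walks a parsed playbook and reports the two patterns shown above: `http://` URLs in uri tasks and a disabled `validate_certs`. It assumes the playbook has already been loaded with `yaml.safe_load`; the sample at the bottom is constructed inline as the equivalent Python structure, and the function and variable names are the example's own.

```python
URI_MODULES = {"uri", "ansible.builtin.uri", "ansible.legacy.uri"}
# YAML 1.1 booleans plus the strings Ansible's bool filter treats as false
FALSY = {False, "false", "no", "off", "n", "0"}

def iter_tasks(items):
    # Yield every task, descending into block/rescue/always sections
    for item in items or []:
        if not isinstance(item, dict):
            continue
        sections = [s for s in ("block", "rescue", "always") if s in item]
        for s in sections:
            yield from iter_tasks(item[s])
        if not sections:
            yield item

def check_task(task: dict) -> list[str]:
    # Reasons a single task is insecure; empty if it is not a uri task
    args = next((task[m] for m in URI_MODULES if m in task), None)
    if not isinstance(args, dict):
        return []  # free-form "uri: url=..." args are not inspected here
    reasons = []
    url = str(args.get("url", "")).strip()
    if url.lower().startswith("http://"):
        reasons.append(f"plain HTTP URL {url}")
    vc = args.get("validate_certs")
    vc = vc.strip().lower() if isinstance(vc, str) else vc
    if isinstance(vc, (bool, int, str)) and vc in FALSY:
        reasons.append("validate_certs disabled")
    return reasons

def find_insecure_uri_tasks(playbook: list) -> list[tuple[str, str]]:
    # Scan a parsed playbook (the structure yaml.safe_load returns)
    findings = []
    for play in playbook:
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            for task in iter_tasks(play.get(section)):
                for reason in check_task(task):
                    findings.append((task.get("name", "<unnamed>"), reason))
    return findings

# Constructed sample: the parsed form of a playbook like the vulnerable one above
SAMPLE_PLAYBOOK = [{"name": "Make insecure API calls", "hosts": "all", "tasks": [
    {"name": "Get user data over HTTP",
     "ansible.builtin.uri": {"url": "http://api.example.com/users/{{ user_id }}", "method": "GET"}},
    {"name": "Bypass certificate validation",
     "ansible.builtin.uri": {"url": "https://internal.example.com/api/data", "validate_certs": False}},
    {"block": [{"name": "Secure health check",
                "uri": {"url": "https://{{ inventory_hostname }}:8443/health", "validate_certs": True}}]},
]}]
```

A templated URL such as `"{{ base_url }}/health"` cannot be classified statically and is left alone, so resolve such variables before scanning or check them separately.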
Sourcery automatically identifies information disclosure via HTTP URLs in Ansible uri tasks, along with many other security issues in your codebase.