Lucene search

K
redhatRedHatRHSA-2020:3328
HistoryAug 05, 2020 - 2:36 p.m.

(RHSA-2020:3328) Moderate: Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container

2020-08-0514:36:06
access.redhat.com
47

0.001 Low

EPSS

Percentile

49.3%

  • Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337)
  • Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
  • Fixed Tower Server Side Request Forgery on Webhooks (CVE-2020-14328)
  • Fixed Tower sensitive data exposure on labels (CVE-2020-14329)
  • Added local caching for downloaded roles and collections so they are not re-downloaded on nodes where they have already been updated
  • Fixed Tower’s task scheduler to no longer deadlock for clustered installations with large numbers of nodes
  • Fixed the Credential Type definitions to no longer allow superusers to run unsafe Python code
  • Fixed credential lookups from CyberArk AIM to no longer fail unexpectedly
  • Fixed upgrades from 3.5 to 3.6 on RHEL8 in order for PostgreSQL client libraries to be upgraded on Tower nodes, which fixes the backup/restore function
  • Fixed backup/restore for PostgreSQL usernames that include capital letters
  • Fixed manually added host variables to no longer be removed on VMWare vCenter inventory syncs
  • Fixed Red Hat Satellite inventory syncs to allow Tower to properly respect the verify_ssl flag

0.001 Low

EPSS

Percentile

49.3%