Lucene search

K

RedHatRHSA-2020:3328

HistoryAug 05, 2020 - 2:36 p.m.

(RHSA-2020:3328) Moderate: Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container

2020-08-0514:36:06

access.redhat.com

48

0.001 Low

EPSS

Percentile

49.4%

Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337)
Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
Fixed Tower Server Side Request Forgery on Webhooks (CVE-2020-14328)
Fixed Tower sensitive data exposure on labels (CVE-2020-14329)
Added local caching for downloaded roles and collections so they are not re-downloaded on nodes where they have already been updated
Fixed Tower’s task scheduler to no longer deadlock for clustered installations with large numbers of nodes
Fixed the Credential Type definitions to no longer allow superusers to run unsafe Python code
Fixed credential lookups from CyberArk AIM to no longer fail unexpectedly
Fixed upgrades from 3.5 to 3.6 on RHEL8 in order for PostgreSQL client libraries to be upgraded on Tower nodes, which fixes the backup/restore function
Fixed backup/restore for PostgreSQL usernames that include capital letters
Fixed manually added host variables to no longer be removed on VMWare vCenter inventory syncs
Fixed Red Hat Satellite inventory syncs to allow Tower to properly respect the verify_ssl flag

0.001 Low

EPSS

Percentile

49.4%

Related for RHSA-2020:3328

redhatcve4 nvd4 cvelist4 cve4 prion4 redhat1 nessus1