Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:0779
HistoryMar 09, 2021 - 3:07 p.m.

(RHSA-2021:0779) Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update

2021-03-0915:07:20
access.redhat.com
104

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Security Fix(es):

  • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
  • Upgraded to a more recent version of autobahn to address CVE-2020-35678.
  • Upgraded to a more recent version of nginx to address CVE-2019-20372.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
  • Improved analytics collection to collect the playbook status for all hosts in a playbook run

Related

redhat 12
nessus 67
openvas 31
fedora 4
mageia 4
archlinux 1
oraclelinux 4
ibm 7
osv 12
amazon 2
gentoo 1
cloudfoundry 1
aix 1
ubuntu 4
suse 7
centos 1
rosalinux 1
photon 6
almalinux 2
rocky 1
prion 5
cve 4
redhatcve 4
debiancve 3
ubuntucve 2
veracode 4
github 2
freebsd 1
checkpoint_advisories 1
alpinelinux 1
cbl_mariner 3
redhat
redhat
(RHSA-2021:0780) Important: Red Hat Ansible Tower 3.8.2-1 - Container security and bug fix update
2021-03-09 15:07:34
(RHSA-2021:2180) Moderate: RHV Engine and Host Common Packages security update [ovirt-4.4.6]
2021-06-01 11:44:42
(RHSA-2021:0664) Moderate: Ansible security and bug fix update (2.9.18)
2021-02-24 17:27:09
nessus
nessus
RHEL 7 / 8 : Ansible security and bug fix update (2.9.18) (Moderate) (RHSA-2021:0663)
2021-02-24 00:00:00
RHEL 8 : RHV Engine and Host Common Packages security update [ovirt-4.4.6] (Moderate) (RHSA-2021:2180)
2021-06-01 00:00:00
RHEL 7 / 8 : Ansible security and bug fix update (2.9.18) (Moderate) (RHSA-2021:0664)
2021-02-24 00:00:00
openvas
openvas
Fedora: Security Advisory for ansible (FEDORA-2021-9a0903469c)
2021-03-02 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-e9478617ae)
2021-03-02 00:00:00
Mageia: Security Advisory (MGASA-2021-0132)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: ansible-2.9.18-1.fc32
2021-03-01 17:06:17
[SECURITY] Fedora 33 Update: ansible-2.9.18-1.fc33
2021-03-01 17:02:27
[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31
2020-06-16 01:19:13
mageia
mageia
Updated ansible packages fix security vulnerability
2021-03-12 04:25:47
Updated ansible packages fix security vulnerability
2021-03-12 04:25:47
Updated perl packages fix security vulnerability
2020-06-11 02:59:36
archlinux
archlinux
[ASA-202102-9] ansible: information disclosure
2021-02-06 00:00:00
oraclelinux
oraclelinux
perl security update
2021-02-03 00:00:00
perl security update
2021-05-20 00:00:00
perl security and bug fix update
2021-05-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Perl affect AIX (CVE-2020-10543, CVE-2020-10878, and CVE-2020-12723)
2021-03-04 17:37:08
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Perl
2023-07-11 13:31:52
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2023-12-01 16:06:59
osv
osv
perl vulnerabilities
2020-10-26 11:11:53
perl vulnerabilities
2020-10-27 14:02:08
Moderate: perl security and bug fix update
2021-05-18 05:49:06
amazon
amazon
Medium: ansible
2021-03-18 01:13:00
Medium: perl
2021-02-19 01:26:00
gentoo
gentoo
Perl: Multiple vulnerabilities
2020-06-12 00:00:00
cloudfoundry
cloudfoundry
USN-4602-1: Perl vulnerabilities | Cloud Foundry
2021-03-09 00:00:00
aix
aix
There are vulnerabilities in Perl that affect AIX.
2020-12-09 16:36:39
ubuntu
ubuntu
Perl vulnerabilities
2020-10-27 00:00:00
Perl vulnerabilities
2020-10-26 00:00:00
nginx vulnerability
2020-01-15 00:00:00
suse
suse
Security update for perl (important)
2020-06-23 00:00:00
Important for SUSE Manager Client Tools (important)
2022-09-08 00:00:00
Security update for python-autobahn (moderate)
2021-01-24 00:00:00
centos
centos
perl security update
2021-02-04 01:04:16
rosalinux
rosalinux
Advisory ROSA-SA-2024-2334
2024-01-30 08:40:29
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0302
2020-06-23 00:00:00
Important Photon OS Security Update - PHSA-2020-0104
2020-06-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-0528
2022-10-18 00:00:00
almalinux
almalinux
Moderate: perl security and bug fix update
2021-05-18 05:49:06
Moderate: nginx:1.16 security update
2020-12-15 16:02:49
rocky
rocky
perl security and bug fix update
2021-05-18 05:49:06
prion
prion
Design/Logic Flaw
2020-12-27 00:15:00
Design/Logic Flaw
2020-01-09 21:15:00
Design/Logic Flaw
2021-03-09 18:15:00
cve
cve
CVE-2019-20372
2020-01-09 21:15:00
CVE-2021-20253
2021-03-09 18:15:00
CVE-2020-35678
2020-12-27 00:15:00
redhatcve
redhatcve
CVE-2019-20372
2020-01-13 02:39:12
CVE-2020-35678
2020-12-28 18:34:34
CVE-2021-20253
2021-03-08 21:33:32
debiancve
debiancve
CVE-2020-35678
2020-12-27 00:15:00
CVE-2021-20191
2021-05-26 21:15:00
CVE-2021-20228
2021-04-29 16:15:00
ubuntucve
ubuntucve
CVE-2020-35678
2020-12-27 00:00:00
CVE-2021-20191
2021-05-26 00:00:00
veracode
veracode
Open Redirect
2020-12-28 01:49:08
HTTP Request Smuggling
2020-01-10 03:02:35
Information Disclosure
2021-02-25 06:28:44
github
github
Open Redirect in autobahn
2021-04-20 16:13:45
Ansible Exposes Sensitive Information
2022-05-25 19:22:34
freebsd
freebsd
NGINX -- HTTP request smuggling
2019-12-10 00:00:00
checkpoint_advisories
checkpoint_advisories
NGINX Information Disclosure (CVE-2019-20372)
2020-05-27 00:00:00
alpinelinux
alpinelinux
CVE-2019-20372
2020-01-09 21:15:00
cbl_mariner
cbl_mariner
CVE-2019-20372 affecting package nginx 1.16.1-4
2020-11-30 19:30:40
CVE-2021-20191 affecting package ansible 2.9.12-1
2021-07-08 21:56:43
CVE-2021-20228 affecting package ansible 2.9.18-1
2022-04-09 06:51:57

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON
Related for RHSA-2021:0779
redhat12nessus67openvas31fedora4mageia4archlinux1oraclelinux4ibm7osv12amazon2gentoo1cloudfoundry1aix1ubuntu4suse7centos1rosalinux1photon6almalinux2rocky1prion5cve4redhatcve4debiancve3ubuntucve2veracode4github2freebsd1checkpoint_advisories1alpinelinux1cbl_mariner3