7 matches found
RHEL 7 : Red Hat CloudForms (RHSA-2017:3005)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3005 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
CVE-2017-12148
CVE-2017-12148 affects Ansible Tower's UI (SCM repos). If a Tower project definition lacks the 'delete before update' flag, a committer to the upstream playbook can insert a Trojan playbook that, when run by Tower, adds git hooks to the checked-out repository and may execute arbitrary commands as...
CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2017-12148
A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...