4 matches found
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...
CVE-2020-10709
CVE-2020-10709 concerns Ansible Tower where an OAuth2 token flow allows retrieval of a non-expiring refresh token. Affected versions are Ansible Tower before 3.6.4 and before 3.5.6. The flaw can let an attacker with token access fully authenticate to Ansible Tower, since the original user token r...
Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface CVE-2020-10698 Fixed OAuth2 refresh tokens to properly respect custom expiration settings CVE-2020-10709...