Lucene search
K

4 matches found

NVD
NVD
added 2021/05/27 7:15 p.m.30 views

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...

7.1CVSS0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/27 6:46 p.m.34 views

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...

6.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2021/05/27 6:46 p.m.91 views

CVE-2020-10709

CVE-2020-10709 concerns Ansible Tower where an OAuth2 token flow allows retrieval of a non-expiring refresh token. Affected versions are Ansible Tower before 3.6.4 and before 3.5.6. The flaw can let an attacker with token access fully authenticate to Ansible Tower, since the original user token r...

7.1CVSS6.7AI score0.00272EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/04/22 1:24 p.m.10 views

Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container

Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface CVE-2020-10698 Fixed OAuth2 refresh tokens to properly respect custom expiration settings CVE-2020-10709...

9.8CVSS7AI score0.49739EPSS
Exploits13
Rows per page
Query Builder