3 matches found
CVE-2015-1482
Ansible Tower (aka Ansible UI) before 2.0.5 is vulnerable to an authentication bypass via a websocket connection to socket.io/1/, enabling remote attackers to obtain sensitive information. Root cause: missing/weak auth on the Socket.IO endpoint. Affected product and version: Ansible Tower prior t...
CVE-2015-1368
Ansible Tower (aka Ansible UI) prior to version 2.0.5 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary script or HTML via input parameters in the API: (1) order_by to credentials/, (2) inventories/, (3) projects/, or (4) use...
CVE-2015-1481
CVE-2015-1481 affects Ansible Tower (aka Ansible UI) prior to 2.0.5. The described vulnerability allows remote organization administrators to gain privileges by creating a superuser account. This mode of privilege escalation is documented in multiple connected sources referencing the same issue. ...