Tower Security Vulnerabilities and Issues — Tower CVE List

Lucene search

AnsibleTower

4 matches found

CVE•added 2020/07/31 1:15 p.m.•53 views

CVE-2020-14337

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data conf...

5.8CVSS5.6AI score0.01639EPSS

CVE•added 2015/02/04 6:59 p.m.•42 views

CVE-2015-1482

Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.

5CVSS6.7AI score0.17397EPSS

CVE•added 2015/01/27 8:4 p.m.•38 views

CVE-2015-1368

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_ru...

4.3CVSS5.9AI score0.06842EPSS

CVE•added 2015/02/04 6:59 p.m.•35 views

CVE-2015-1481

Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.

6.5CVSS7.1AI score0.03958EPSS