Redhat Ansible Tower

64 matches found

added 2022/08/25 8:15 p.m., 76 views

CVE-2021-4112

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

CVSS 8.8 | AI score 8.2 | EPSS 0.00036

added 2021/05/27 7:15 p.m., 74 views

CVE-2020-10698

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when ...

CVSS 3.3 | AI score 3.9 | EPSS 0.00041

added 2021/05/27 7:15 p.m., 70 views

CVE-2020-10697

A flaw was found in Ansible Tower when running OpenShift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenar...

CVSS 4.4 | AI score 4.5 | EPSS 0.00127

added 2021/05/27 8:15 p.m., 70 views

CVE-2020-14327

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of addit...

CVSS 5.5 | AI score 5.4 | EPSS 0.00039

added 2018/07/27 4:29 p.m., 67 views

CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

CVSS 9 | AI score 7.2 | EPSS 0.00448

added 2021/05/27 8:15 p.m., 64 views

CVE-2020-14329

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highes...

CVSS 3.3 | AI score 3.8 | EPSS 0.00041

added 2021/05/27 7:15 p.m., 59 views

CVE-2020-10709

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansi...

CVSS 7.1 | AI score 6.7 | EPSS 0.00094

added 2019/01/03 2:29 p.m., 58 views

CVE-2018-16879

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a data leak of sensitive information such as passwords as well as denial of service attacks by deleting pr...

CVSS 9.8 | AI score 9.1 | EPSS 0.00229

added 2020/06/18 1:15 p.m., 57 views

CVE-2020-10782

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00037

added 2021/05/27 8:15 p.m., 56 views

CVE-2020-14328

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case...

CVSS 3.3 | AI score 4 | EPSS 0.00035

added 2020/07/31 1:15 p.m., 53 views

CVE-2020-14337

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data conf...

CVSS 5.8 | AI score 5.6 | EPSS 0.01639

added 2018/08/22 4:29 p.m., 52 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).

CVSS 6.5 | AI score 6.4 | EPSS 0.00164

added 2018/08/22 2:29 p.m., 51 views

CVE-2018-10884

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

CVSS 8.8 | AI score 8.5 | EPSS 0.00175

added 2018/09/11 1:29 p.m., 48 views

CVE-2016-7070

A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin level access to the database.

CVSS 8 | AI score 8 | EPSS 0.00088
Total number of security vulnerabilities: 64