Ansible Tower@3.0 Security Vulnerabilities and Issues — Ansible Tower@3.0 CVE List

Lucene search

RedhatAnsible Tower3.0

7 matches found

CVE•added 2020/01/02 3:15 p.m.•276 views

CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

6.5CVSS6.4AI score0.01154EPSS

CVE•added 2021/05/26 9:15 p.m.•190 views

CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data...

5.5CVSS5.9AI score0.00026EPSS

CVE•added 2020/09/23 1:15 p.m.•183 views

CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw l...

7.1CVSS6.9AI score0.0008EPSS

CVE•added 2021/05/26 12:15 p.m.•170 views

CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerabil...

5.5CVSS6AI score0.00031EPSS

CVE•added 2020/04/30 5:15 p.m.•156 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within...

5.2CVSS5AI score0.00098EPSS

CVE•added 2021/04/29 4:15 p.m.•154 views

CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability ...

7.5CVSS7AI score0.00113EPSS

CVE•added 2022/08/25 8:15 p.m.•76 views

CVE-2021-4112

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

8.8CVSS8.2AI score0.00036EPSS