Ansible Tower Security Vulnerabilities and Issues — Ansible Tower CVE List

Lucene search

RedhatAnsible Tower

10 matches found

CVE•added 2020/01/02 3:15 p.m.•276 views

CVE-2019-14864

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

6.5CVSS6.4AI score0.01154EPSS

CVE•added 2018/07/28 11:29 p.m.•243 views

CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

6.5CVSS7.1AI score0.00906EPSS

CVE•added 2018/05/04 5:29 p.m.•227 views

CVE-2018-10733

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

6.5CVSS6.3AI score0.00808EPSS

CVE•added 2018/05/06 11:29 p.m.•203 views

CVE-2018-10768

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

6.5CVSS6.3AI score0.01525EPSS

CVE•added 2018/07/25 11:29 p.m.•198 views

CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fi...

6.5CVSS6AI score0.00538EPSS

CVE•added 2018/05/06 11:29 p.m.•177 views

CVE-2018-10767

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

6.5CVSS6.4AI score0.00854EPSS

CVE•added 2018/07/28 11:29 p.m.•169 views

CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

6.5CVSS7.3AI score0.01523EPSS

CVE•added 2021/03/09 6:15 p.m.•85 views

CVE-2021-20253

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and...

6.7CVSS6.3AI score0.00278EPSS

CVE•added 2020/06/18 1:15 p.m.•57 views

CVE-2020-10782

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to ...

6.5CVSS6.1AI score0.00037EPSS

CVE•added 2018/08/22 4:29 p.m.•52 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

6.5CVSS6.4AI score0.00164EPSS