Ansible Tower Security Vulnerabilities and Issues — Ansible Tower CVE List

Lucene search

RedhatAnsible Tower

9 matches found

CVE•added 2018/10/08 3:29 p.m.•423 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

8.8CVSS8.5AI score0.00354EPSS

CVE•added 2018/07/28 11:29 p.m.•232 views

CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

8.8CVSS7.3AI score0.0395EPSS

CVE•added 2018/07/28 11:29 p.m.•226 views

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

8.8CVSS7.4AI score0.0395EPSS

CVE•added 2019/12/19 9:15 p.m.•173 views

CVE-2019-19340

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could g...

8.2CVSS8.1AI score0.00509EPSS

CVE•added 2019/11/26 7:15 a.m.•116 views

CVE-2019-14890

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

8.4CVSS8.2AI score0.00054EPSS

CVE•added 2018/05/02 7:29 p.m.•84 views

CVE-2018-1104

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

8.8CVSS8.9AI score0.00439EPSS

CVE•added 2022/08/25 8:15 p.m.•76 views

CVE-2021-4112

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

8.8CVSS8.2AI score0.00036EPSS

CVE•added 2018/08/22 2:29 p.m.•51 views

CVE-2018-10884

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

8.8CVSS8.5AI score0.00175EPSS

CVE•added 2018/09/11 1:29 p.m.•48 views

CVE-2016-7070

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

8CVSS8AI score0.00088EPSS