Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible tower vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2018-10884
Ansible Tower prior to 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Redhat Ansible Tower
463
VMScore
CVE-2016-7070
A privilege escalation flaw was found in the Ansible Tower. When Tower prior to 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
Redhat Ansible Tower
187
VMScore
CVE-2019-19341
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run...
Redhat Ansible Tower
445
VMScore
CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 ...
Redhat Ansible Tower
187
VMScore
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows an malicious user to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected...
Redhat Ansible Tower
320
VMScore
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an malicious user to obtain a refresh token that does not expire. The original token granted to the user...
Redhat Ansible Tower
312
VMScore
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
605
VMScore
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using atta...
Jenkins Ansible Tower
320
VMScore
CVE-2020-10697
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in th...
Redhat Ansible Tower
356
VMScore
CVE-2019-10311
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using at...
Jenkins Ansible Tower
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »