tower vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-10311
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using at...
Jenkins Ansible Tower
4.3
CVSSv3
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jen...
Jenkins Ansible Tower
5.5
CVSSv3
CVE-2019-19341
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run...
Redhat Ansible Tower
8
CVSSv3
CVE-2016-7070
A privilege escalation flaw was found in the Ansible Tower. When Tower prior to 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
Redhat Ansible Tower
6.7
CVSSv3
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing a malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
3.3
CVSSv3
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows a malicious user to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected...
Redhat Ansible Tower
3.3
CVSSv3
CVE-2020-14328
A flaw was found in Ansible Tower in versions prior to 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving...
Redhat Ansible Tower
3.3
CVSSv3
CVE-2020-14329
A data exposure flaw was found in Ansible Tower in versions prior to 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organizat...
Redhat Ansible Tower
5.5
CVSSv3
CVE-2020-14327
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions prior to 3.6.5 and prior to 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services o...
Redhat Ansible Tower
5.3
CVSSv3
CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 ...
Redhat Ansible Tower