Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible tower vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2020-14328
A flaw was found in Ansible Tower in versions prior to 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving...
Redhat Ansible Tower
8
CVSSv3
CVE-2016-7070
A privilege escalation flaw was found in the Ansible Tower. When Tower prior to 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
Redhat Ansible Tower
4.4
CVSSv3
CVE-2020-10697
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in th...
Redhat Ansible Tower
6.7
CVSSv3
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
7.1
CVSSv3
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
5.8
CVSSv3
CVE-2020-14337
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote malicious user to retrieve pages from the default organization and verify existing usernames. The highest threat from this vuln...
Redhat Ansible Tower 3.0.0
8.4
CVSSv3
CVE-2019-14890
A vulnerability was found in Ansible Tower prior to 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
Redhat Ansible Tower 3.6.0
6.5
CVSSv3
CVE-2020-10782
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this v...
Redhat Ansible Tower 3.7.0
5
CVSSv3
CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules a...
Redhat Ansible Tower
Redhat Ansible Engine
Debian Debian Linux 10.0
7.2
CVSSv3
CVE-2017-12148
A flaw was found in Ansible Tower's interface prior to 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository...
Redhat Ansible Tower
Redhat Cloudforms 4.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »