Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible tower vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x prior to 2.8.15 and ansible-engine 2.9.x prior to 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the defaul...
Redhat Ansible Tower 3.0
Redhat Ansible Engine
Redhat Ansible Tower
Redhat Ceph Storage 3.0
Redhat Ceph Storage 2.0
Redhat Openstack Platform 13.0
Redhat Openstack Platform 10.0
Debian Debian Linux 10.0
3.9
CVSSv3
CVE-2020-1738
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2....
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
7.2
CVSSv3
CVE-2017-12148
A flaw was found in Ansible Tower's interface prior to 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository...
Redhat Cloudforms 4.5
Redhat Ansible Tower
6.5
CVSSv3
CVE-2020-10782
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this v...
Redhat Ansible Tower 3.7.0
8.4
CVSSv3
CVE-2019-14890
A vulnerability was found in Ansible Tower prior to 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
Redhat Ansible Tower 3.6.0
5.8
CVSSv3
CVE-2020-14337
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote malicious user to retrieve pages from the default organization and verify existing usernames. The highest threat from this vuln...
Redhat Ansible Tower 3.0.0
7.5
CVSSv3
CVE-2021-20228
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an malicious user to obtain sensitive information. The highest threat...
Redhat Ansible Engine 2.9.18
Redhat Ansible Engine 2.0
Redhat Ansible Tower 3.0
Redhat Ansible Engine 2.9
Redhat Ansible Automation Platform 1.2
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2021-20178
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest th...
Redhat Ansible Tower 3.0
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
8.2
CVSSv3
CVE-2019-19340
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is ...
Redhat Ansible Tower
Redhat Enterprise Linux 7.0
8.8
CVSSv3
CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an malicious user to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
Redhat Ansible Tower 3.0
Redhat Ansible Automation Platform Early Access 2.0
Redhat Ansible Automation Platform Text-only Advisories -
Redhat Ansible Automation Platform 2.0
Redhat Ansible Automation Platform 2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »