Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2017-12148
A flaw was found in Ansible Tower's interface prior to 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository...
Redhat Ansible Tower
Redhat Cloudforms 4.5
9.8
CVSSv3
CVE-2018-16879
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service att...
Redhat Ansible Tower
3.3
CVSSv3
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows an malicious user to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected...
Redhat Ansible Tower
7.2
CVSSv3
CVE-2019-3869
When running Tower prior to 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Redhat Ansible Tower
6.7
CVSSv3
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
8
CVSSv3
CVE-2016-7070
A privilege escalation flaw was found in the Ansible Tower. When Tower prior to 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
Redhat Ansible Tower
7.1
CVSSv3
CVE-2020-25636
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly t...
Redhat Ansible 2.10.1
5.5
CVSSv3
CVE-2019-19341
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run...
Redhat Ansible Tower
5.3
CVSSv3
CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 ...
Redhat Ansible Tower
5.5
CVSSv3
CVE-2020-14327
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions prior to 3.6.5 and prior to 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services o...
Redhat Ansible Tower
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »