Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible tower vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr...
Redhat Ansible Tower 3.4.5
Redhat Ansible Tower 3.5.5
Redhat Ansible Tower 3.6.3
Redhat Ansible Engine 2.8.8
Redhat Ansible Engine 2.9.5
Redhat Ansible Engine
Redhat Ansible Tower
5
CVSSv3
CVE-2020-10744
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18...
Redhat Ansible Tower
Redhat Ansible
7.8
CVSSv3
CVE-2020-1737
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by cra...
Redhat Ansible Tower
Redhat Ansible Engine
5.5
CVSSv3
CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub par...
Redhat Ansible Engine
Redhat Ansible Tower
7.1
CVSSv3
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special ...
Redhat Ansible Automation Platform 1.2
Redhat Ansible Tower
Redhat Ansible Engine
5.2
CVSSv3
CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x before 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrit...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
4.4
CVSSv3
CVE-2020-10697
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in th...
Redhat Ansible Tower
7.1
CVSSv3
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an malicious user to obtain a refresh token that does not expire. The original token granted to the user...
Redhat Ansible Tower
5.5
CVSSv3
CVE-2020-14327
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions prior to 3.6.5 and prior to 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services o...
Redhat Ansible Tower
8.8
CVSSv3
CVE-2018-10884
Ansible Tower prior to 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Redhat Ansible Tower
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »