Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tower vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr...
Redhat Ansible Tower 3.4.5
Redhat Ansible Tower 3.5.5
Redhat Ansible Tower 3.6.3
Redhat Ansible Engine 2.8.8
Redhat Ansible Engine 2.9.5
Redhat Ansible Engine
Redhat Ansible Tower
NA
CVE-2015-1368
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) prior to 2.0.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in...
Ansible Tower
1 EDB exploit
NA
CVE-2015-1481
Ansible Tower (aka Ansible UI) prior to 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
Ansible Tower
1 EDB exploit
NA
CVE-2015-1482
Ansible Tower (aka Ansible UI) prior to 2.0.5 allows remote malicious users to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
Ansible Tower
1 EDB exploit
6.7
CVSSv3
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
8.8
CVSSv3
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using atta...
Jenkins Ansible Tower
8.8
CVSSv3
CVE-2019-10311
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using at...
Jenkins Ansible Tower
4.3
CVSSv3
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jen...
Jenkins Ansible Tower
3.3
CVSSv3
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows an malicious user to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected...
Redhat Ansible Tower
5.5
CVSSv3
CVE-2020-14327
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions prior to 3.6.5 and prior to 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services o...
Redhat Ansible Tower
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »