Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tower vulnerabilities and exploits
(subscribe to this query)
329
VMScore
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr...
Redhat Ansible Tower 3.4.5
Redhat Ansible Tower 3.5.5
Redhat Ansible Tower 3.6.3
Redhat Ansible Engine 2.8.8
Redhat Ansible Engine 2.9.5
Redhat Ansible Engine
Redhat Ansible Tower
435
VMScore
CVE-2015-1368
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) prior to 2.0.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in...
Ansible Tower
1 EDB exploit
655
VMScore
CVE-2015-1481
Ansible Tower (aka Ansible UI) prior to 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
Ansible Tower
1 EDB exploit
505
VMScore
CVE-2015-1482
Ansible Tower (aka Ansible UI) prior to 2.0.5 allows remote malicious users to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
Ansible Tower
1 EDB exploit
605
VMScore
CVE-2019-10310
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using atta...
Jenkins Ansible Tower
312
VMScore
CVE-2021-20253
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an malicious user to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to...
Redhat Ansible Tower
1 Github repository
187
VMScore
CVE-2019-19341
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run...
Redhat Ansible Tower
445
VMScore
CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 ...
Redhat Ansible Tower
605
VMScore
CVE-2018-10884
Ansible Tower prior to 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
Redhat Ansible Tower
356
VMScore
CVE-2019-10312
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jen...
Jenkins Ansible Tower
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »