Published: 27/05/2021 Updated: 07/06/2021

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions prior to 3.6.5 and prior to 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible tower

Synopsis Moderate: Red Hat Ansible Tower 372-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 372-1 - RHEL7 Container Description Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337) Fixed Tower Server Side ...

Synopsis Moderate: Red Hat Ansible Tower 365-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 365-1 - RHEL7 Container Description Removed reports option for Satellite inventory script Fixed Tower Server Side Request Forgery on Credentials (CVE-2 ...

CWE-918 https://bugzilla.redhat.com/show_bug.cgi?id=1856785 https://access.redhat.com/errata/RHSA-2020:3328 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-14327

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect