Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Ansible Tower
Total 64 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3532 2 Fedoraproject, Redhat 6 Fedora, Ansible Automation Platform, Ansible Engine and 3 more 2021-06-21 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
CVE-2021-3533 2 Fedoraproject, Redhat 6 Fedora, Ansible Automation Platform, Ansible Engine and 3 more 2021-06-17 1.2 LOW 2.5 LOW
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
CVE-2020-10697 1 Redhat 1 Ansible Tower 2021-06-08 3.6 LOW 4.4 MEDIUM
A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
CVE-2020-10709 1 Redhat 1 Ansible Tower 2021-06-08 3.6 LOW 7.1 HIGH
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.
CVE-2020-10698 1 Redhat 1 Ansible Tower 2021-06-07 2.1 LOW 3.3 LOW
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
CVE-2020-14327 1 Redhat 1 Ansible Tower 2021-06-07 2.1 LOW 5.5 MEDIUM
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.
CVE-2020-14328 1 Redhat 1 Ansible Tower 2021-06-07 2.1 LOW 3.3 LOW
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-14329 1 Redhat 1 Ansible Tower 2021-06-07 2.1 LOW 3.3 LOW
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20178 2 Fedoraproject, Redhat 3 Fedora, Ansible, Ansible Tower 2021-06-03 2.1 LOW 5.5 MEDIUM
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20191 2 Oracle, Redhat 8 Virtualization, Ansible, Ansible Tower and 5 more 2021-06-03 2.1 LOW 5.5 MEDIUM
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
CVE-2021-3447 2 Fedoraproject, Redhat 3 Fedora, Ansible, Ansible Tower 2021-06-03 2.1 LOW 5.5 MEDIUM
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
CVE-2021-20253 1 Redhat 1 Ansible Tower 2021-06-02 3.5 LOW 6.7 MEDIUM
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20228 1 Redhat 3 Ansible Automation Platform, Ansible Engine, Ansible Tower 2021-05-03 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
CVE-2018-14682 5 Cabextract, Cabextract Project, Canonical and 2 more 8 Libmspack, Cabextract, Ubuntu Linux and 5 more 2021-04-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
CVE-2018-14679 5 Cabextract, Cabextract Project, Canonical and 2 more 8 Libmspack, Cabextract, Ubuntu Linux and 5 more 2021-04-26 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
CVE-2018-14681 5 Cabextract, Cabextract Project, Canonical and 2 more 8 Libmspack, Cabextract, Ubuntu Linux and 5 more 2021-04-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVE-2018-14680 5 Cabextract, Cabextract Project, Canonical and 2 more 8 Libmspack, Cabextract, Ubuntu Linux and 5 more 2021-04-26 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-16879 1 Redhat 1 Ansible Tower 2020-12-04 7.5 HIGH 9.8 CRITICAL
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
CVE-2019-19341 1 Redhat 1 Ansible Tower 2020-12-04 2.1 LOW 5.5 MEDIUM
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
CVE-2019-19340 1 Redhat 2 Ansible Tower, Enterprise Linux 2020-12-04 6.4 MEDIUM 8.2 HIGH
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.