Redhat Ansible_tower
64 CVEs affecting Redhat Ansible_tower. Latest disclosed: 2022-08-25. Critical: 4, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-16879 | Critical | 9.8 | 2019-01-03 | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery worker… |
| CVE-2018-17456 | Critical | 9.8 | 2018-10-06 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code executio… |
| CVE-2015-9262 | Critical | 9.8 | 2018-08-01 | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte… |
| CVE-2018-12910 | Critical | 9.8 | 2018-07-05 | The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. |
| CVE-2021-4112 | High | 8.8 | 2022-08-25 | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege f… |
| CVE-2018-1000805 | High | 8.8 | 2018-10-08 | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This… |
| CVE-2018-10884 | High | 8.8 | 2018-08-22 | Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this b… |
| CVE-2018-14682 | High | 8.8 | 2018-07-28 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. |
| CVE-2018-14681 | High | 8.8 | 2018-07-28 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte ove… |
| CVE-2018-1104 | High | 8.8 | 2018-05-02 | Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on… |
| CVE-2019-14890 | High | 8.4 | 2019-11-26 | A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RH… |
| CVE-2017-12148 | High | 8.4 | 2018-07-27 | A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'd… |
| CVE-2019-19340 | High | 8.2 | 2019-12-19 | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_m… |
| CVE-2016-7070 | High | 8.0 | 2018-09-11 | A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of… |
| CVE-2020-10684 | High | 7.9 | 2020-03-24 | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of… |
| CVE-2018-16837 | High | 7.8 | 2018-10-23 | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials… |
| CVE-2021-20228 | High | 7.5 | 2021-04-29 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-opti… |
| CVE-2020-1737 | High | 7.5 | 2020-03-09 | A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extract… |
| CVE-2018-1060 | High | 7.5 | 2018-06-18 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use… |
| CVE-2020-1734 | High | 7.4 | 2020-03-03 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by o… |