Skip to main content

Ansible Tower

52 CVEs product

Monthly

CVE-2021-3583 PyPI HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine Ansible Tower
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-20191 PyPI MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible Ansible Tower Cisco Nx Os Collection +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20178 PyPI MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20228 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-3447 PyPI MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible Ansible Tower Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20253 MEDIUM This Month

A flaw was found in ansible-tower. Rated medium severity (CVSS 6.7). No vendor patch available.

Path Traversal Information Disclosure Ansible Tower
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-14365 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-14337 MEDIUM This Month

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
5.8
EPSS
1.5%
CVE-2020-10782 MEDIUM This Month

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-10744 PyPI MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-1746 PyPI MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-10685 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine Ansible Tower Ceph Storage +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10691 PyPI MEDIUM PATCH This Month

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2020-10684 PyPI HIGH PATCH This Week

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection Ansible Ansible Tower +3
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-1740 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible Ansible Tower Cloudforms Management Engine +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-1738 PyPI LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1736 PyPI LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-1735 PyPI MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-1753 PyPI MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine Ansible Tower Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1739 PyPI LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-1733 PyPI MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-1737 PyPI HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1734 PyPI HIGH PATCH This Week

A flaw was found in the pipe lookup plugin of ansible. Rated high severity (CVSS 7.4). No vendor patch available.

Command Injection Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2019-19342 MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-19341 MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-19340 HIGH This Week

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-14890 HIGH This Week

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2019-14858 PyPI MEDIUM PATCH This Month

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-10312 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-10311 Maven HIGH PATCH This Week

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10310 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Ansible Tower
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-3869 HIGH PATCH This Week

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Ansible Tower
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-3838 MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3835 MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2018-16837 PyPI HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower Debian Linux Package Hub
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1000805 PyPI HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower Virtualization Host Enterprise Linux Desktop +7
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-17456 CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower Enterprise Linux Enterprise Linux Desktop +7
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
97.4%
CVE-2018-10884 HIGH This Week

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ansible Tower
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-14682 HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14681 HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack Cabextract Ubuntu Linux +5
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14680 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.8%
CVE-2018-14679 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-13988 MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux +6
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-12910 CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-1061 HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux Ansible Tower Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-1060 HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora Ubuntu Linux Ansible Tower +4
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2018-0495 MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux Debian Linux Ansible Tower +4
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2018-10768 MEDIUM POC This Month

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux +5
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-10767 MEDIUM POC This Month

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libgxps Ansible Tower +3
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10733 MEDIUM POC This Month

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libgxps Ansible Tower +4
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-1104 HIGH This Week

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ansible Tower Cloudforms
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-1101 HIGH This Week

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ansible Tower Cloudforms
NVD
CVSS 3.0
7.2
EPSS
2.0%
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ansible Automation Platform Ansible Engine +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ansible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtualization Ansible +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Automation Platform +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A flaw was found in ansible-tower. Rated medium severity (CVSS 6.7). No vendor patch available.

Path Traversal Information Disclosure Ansible Tower
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine +4
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine +5
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection +5
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible +5
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Ansible Ansible Tower +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine +3
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Information Disclosure Ansible Ansible Tower +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the pipe lookup plugin of ansible. Rated high severity (CVSS 7.4). No vendor patch available.

Command Injection Ansible Engine Ansible Tower
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
EPSS 2% CVSS 8.2
HIGH This Week

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower Enterprise Linux
NVD
EPSS 0% CVSS 8.4
HIGH This Week

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Ansible Tower
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Ansible Tower
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower +10
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower +9
NVD GitHub
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower +9
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ansible Tower
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack +7
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract +6
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +8
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup +8
NVD
EPSS 5% CVSS 7.5
HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux +6
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora +6
NVD
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux +6
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Null Pointer Dereference Denial Of Service +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +6
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ansible Tower Cloudforms
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ansible Tower Cloudforms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy