Vulnerabilities > Jenkins > Ansible Tower

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-10312 Missing Authorization vulnerability in Jenkins Ansible Tower
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2019-04-30 CVE-2019-10311 Missing Authorization vulnerability in Jenkins Ansible Tower
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
8.8
2019-04-30 CVE-2019-10310 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
network
low complexity
jenkins CWE-352
8.8