Vulnerabilities > Redhat > Ansible Tower > 1.3.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2021-09-22 | CVE-2021-3583 | Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. | local | low complexity | redhat | CWE-94 | 7.1 |
| 2021-05-27 | CVE-2020-14327 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower | A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. | local | low complexity | redhat | CWE-918 | 2.1 |
| 2021-05-27 | CVE-2020-14328 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower | A flaw was found in Ansible Tower in versions before 3.7.2. | local | low complexity | redhat | CWE-918 | 2.1 |
| 2021-05-27 | CVE-2020-14329 | Information Exposure vulnerability in Redhat Ansible Tower | A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. | local | low complexity | redhat | CWE-200 | 2.1 |
| 2021-05-27 | CVE-2020-10697 | Unspecified vulnerability in Redhat Ansible Tower | A flaw was found in Ansible Tower when running OpenShift. | local | low complexity | redhat | | 4.4 |
| 2021-05-27 | CVE-2020-10698 | Unspecified vulnerability in Redhat Ansible Tower | A flaw was found in Ansible Tower when running jobs. | local | low complexity | redhat | | 2.1 |
| 2021-05-27 | CVE-2020-10709 | Insufficient Session Expiration vulnerability in Redhat Ansible Tower | A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. | local | low complexity | redhat | CWE-613 | 7.1 |
| 2021-04-01 | CVE-2021-3447 | Information Exposure Through Log Files vulnerability in multiple products | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. | local | low complexity | redhat, fedoraproject | CWE-532 | 5.5 |
| 2021-03-09 | CVE-2021-20253 | Files or Directories Accessible to External Parties vulnerability in Redhat Ansible Tower | A flaw was found in ansible-tower. | local | high complexity | redhat | CWE-552 | 3.5 |
| 2020-05-11 | CVE-2020-10685 | Incomplete Cleanup vulnerability in multiple products | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. | local | low complexity | redhat, debian | CWE-459 | 5.5 |