Vulnerabilities > Redhat > Ansible Tower > 2.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-28 | CVE-2019-3869 | Information Exposure vulnerability in Redhat Ansible Tower When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. | 7.2 |
2019-01-03 | CVE-2018-16879 | Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. | 9.8 |
2018-09-11 | CVE-2016-7070 | Permissions, Privileges, and Access Controls vulnerability in Redhat Ansible Tower A privilege escalation flaw was found in the Ansible Tower. | 8.0 |
2018-07-27 | CVE-2017-12148 | Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. | 7.2 |
2018-05-02 | CVE-2018-1104 | Code Injection vulnerability in Redhat Ansible Tower Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 8.8 |
2018-05-02 | CVE-2018-1101 | Weak Password Requirements vulnerability in Redhat Ansible Tower Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. | 7.2 |