Vulnerabilities > Redhat > Ansible Tower > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-25 | CVE-2021-4112 | Files or Directories Accessible to External Parties vulnerability in Redhat products A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. | 8.8 |
| 2021-09-22 | CVE-2021-3583 | Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower A flaw was found in Ansible, where a user's controller is vulnerable to template injection. | 7.1 |
| 2021-05-27 | CVE-2020-14327 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. | 2.1 |
| 2021-05-27 | CVE-2020-14328 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower in versions before 3.7.2. | 2.1 |
| 2021-05-27 | CVE-2020-14329 | Information Exposure vulnerability in Redhat Ansible Tower A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. | 2.1 |
| 2021-05-27 | CVE-2020-10697 | Unspecified vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower when running Openshift. | 4.4 |
| 2021-05-27 | CVE-2020-10698 | Unspecified vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower when running jobs. | 2.1 |
| 2021-05-27 | CVE-2020-10709 | Insufficient Session Expiration vulnerability in Redhat Ansible Tower A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. | 7.1 |
| 2021-05-26 | CVE-2021-20191 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible. | 5.5 |
| 2021-05-26 | CVE-2021-20178 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 5.5 |