Vulnerabilities > Redhat > Ansible Tower > 3.5.2

DATE CVE VULNERABILITY TITLE RISK
2020-03-09 CVE-2020-1737 Path Traversal vulnerability in Redhat Ansible Tower
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder.
local
low complexity
redhat CWE-22
7.8
7.8
2019-12-19 CVE-2019-19342 Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character.
network
low complexity
redhat CWE-209
5.3
5.3
2019-12-19 CVE-2019-19340 Insecure Default Initialization of Resource vulnerability in Redhat Ansible Tower and Enterprise Linux
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected.
network
low complexity
redhat CWE-1188
8.2
8.2