Vulnerabilities > Redhat > Ansible Tower > 3.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-11 | CVE-2020-1733 | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
| 2020-03-09 | CVE-2020-1737 | Path Traversal vulnerability in Redhat Ansible Tower A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. | 7.8 |
| 2019-12-19 | CVE-2019-19342 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. | 5.3 |
| 2019-12-19 | CVE-2019-19341 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1 A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. | 5.5 |
| 2019-12-19 | CVE-2019-19340 | Insecure Default Initialization of Resource vulnerability in Redhat Ansible Tower and Enterprise Linux A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. | 8.2 |
| 2019-11-26 | CVE-2019-14890 | Cleartext Storage of Sensitive Information vulnerability in Redhat Ansible Tower 3.6.0 A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | 8.4 |