Vulnerabilities > Redhat > Ansible Tower > 3.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2020-14327 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. | 2.1 |
| 2021-05-27 | CVE-2020-14328 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower in versions before 3.7.2. | 2.1 |
| 2021-05-27 | CVE-2020-14329 | Information Exposure vulnerability in Redhat Ansible Tower A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. | 2.1 |
| 2021-04-01 | CVE-2021-3447 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. | 5.5 |
| 2021-03-09 | CVE-2021-20253 | Files or Directories Accessible to External Parties vulnerability in Redhat Ansible Tower A flaw was found in ansible-tower. | 3.5 |
| 2020-09-23 | CVE-2020-14365 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. | 6.6 |
| 2020-06-18 | CVE-2020-10782 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0 An exposure of sensitive information flaw was found in Ansible version 3.7.0. | 6.5 |
| 2020-03-16 | CVE-2020-1736 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. | 3.3 |