Vulnerabilities > Redhat > Ansible Tower
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-03 | CVE-2020-1734 | OS Command Injection vulnerability in Redhat Ansible Engine and Ansible Tower A flaw was found in the pipe lookup plugin of ansible. | 7.4 |
| 2020-01-02 | CVE-2019-14864 | Improper Output Neutralization for Logs vulnerability in multiple products Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. | 4.0 |
| 2019-12-19 | CVE-2019-19342 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. | 5.0 |
| 2019-12-19 | CVE-2019-19341 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1 A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. | 5.5 |
| 2019-12-19 | CVE-2019-19340 | Insecure Default Initialization of Resource vulnerability in Redhat Ansible Tower and Enterprise Linux A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. | 8.2 |
| 2019-11-26 | CVE-2019-14890 | Cleartext Storage of Sensitive Information vulnerability in Redhat Ansible Tower 3.6.0 A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. | 2.1 |
| 2019-10-14 | CVE-2019-14858 | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. | 2.1 |
| 2019-03-28 | CVE-2019-3869 | Information Exposure vulnerability in Redhat Ansible Tower When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. | 4.0 |
| 2019-03-25 | CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. | 5.5 |
| 2019-03-25 | CVE-2019-3835 | Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. | 5.5 |