Vulnerabilities > Redhat > Ansible Tower > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2021-4112 Unspecified vulnerability in Redhat products
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape.
local
low complexity
redhat
8.8
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
2021-05-27 CVE-2020-10709 Insufficient Session Expiration vulnerability in Redhat Ansible Tower
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application.
local
low complexity
redhat CWE-613
7.1
2021-04-29 CVE-2021-20228 Information Exposure vulnerability in multiple products
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module.
network
low complexity
redhat debian CWE-200
7.5
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian
7.1
2020-03-24 CVE-2020-10684 Missing Authorization vulnerability in multiple products
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean.
local
low complexity
redhat debian fedoraproject CWE-862
7.1
2020-03-09 CVE-2020-1737 Path Traversal vulnerability in Redhat Ansible Tower
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder.
local
low complexity
redhat CWE-22
7.8
2020-03-03 CVE-2020-1734 Unspecified vulnerability in Redhat Ansible Engine and Ansible Tower
A flaw was found in the pipe lookup plugin of ansible.
local
high complexity
redhat
7.4
2019-12-19 CVE-2019-19340 Insecure Default Initialization of Resource vulnerability in Redhat Ansible Tower and Enterprise Linux
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected.
network
low complexity
redhat CWE-1188
8.2
2019-11-26 CVE-2019-14890 Cleartext Storage of Sensitive Information vulnerability in Redhat Ansible Tower 3.6.0
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
local
low complexity
redhat CWE-312
8.4