Vulnerabilities > Redhat > Ansible Tower > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-28 CVE-2019-3869 Information Exposure vulnerability in Redhat Ansible Tower
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables.
network
low complexity
redhat CWE-200
7.2
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
7.8
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
2018-09-11 CVE-2016-7070 Permissions, Privileges, and Access Controls vulnerability in Redhat Ansible Tower
A privilege escalation flaw was found in the Ansible Tower.
low complexity
redhat CWE-264
8.0
2018-08-22 CVE-2018-10884 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py.
network
low complexity
redhat CWE-352
8.8
2018-07-28 CVE-2018-14682 Off-by-one Error vulnerability in multiple products
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
8.8
2018-07-28 CVE-2018-14681 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha.
8.8
2018-07-27 CVE-2017-12148 Improper Input Validation vulnerability in Redhat Ansible Tower and Cloudforms
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories.
network
low complexity
redhat CWE-20
7.2
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5