Vulnerabilities > Redhat > Ansible Tower > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-14327 Unspecified vulnerability in Redhat Ansible Tower
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2.
local
low complexity
redhat
5.5
2021-05-27 CVE-2020-10697 Unspecified vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower when running Openshift.
local
low complexity
redhat
4.4
2021-05-26 CVE-2021-20191 A flaw was found in ansible.
local
low complexity
oracle redhat
5.5
2021-05-26 CVE-2021-20178 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat fedoraproject
5.5
2021-04-01 CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode.
local
low complexity
redhat fedoraproject
5.5
2021-03-09 CVE-2021-20253 Unspecified vulnerability in Redhat Ansible Tower
A flaw was found in ansible-tower.
local
high complexity
redhat
6.7
2020-07-31 CVE-2020-14337 Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower 3.0.0
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes.
network
low complexity
redhat CWE-209
5.8
2020-06-18 CVE-2020-10782 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0
An exposure of sensitive information flaw was found in Ansible version 3.7.0.
local
low complexity
redhat CWE-732
6.5
2020-05-15 CVE-2020-10744 Race Condition vulnerability in Redhat Ansible and Ansible Tower
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive.
local
high complexity
redhat CWE-362
5.0
2020-05-12 CVE-2020-1746 A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used.
local
low complexity
redhat debian
5.0