Vulnerabilities > Redhat > Ansible Tower > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2020-10697 | Unspecified vulnerability in Redhat Ansible Tower A flaw was found in Ansible Tower when running Openshift. | 4.4 |
| 2021-05-26 | CVE-2021-20191 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible. | 5.5 |
| 2021-05-26 | CVE-2021-20178 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. | 5.5 |
| 2021-04-01 | CVE-2021-3447 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. | 5.5 |
| 2020-09-23 | CVE-2020-14365 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. | 6.6 |
| 2020-07-31 | CVE-2020-14337 | Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower 3.0.0 A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. | 5.0 |
| 2020-06-18 | CVE-2020-10782 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0 An exposure of sensitive information flaw was found in Ansible version 3.7.0. | 6.5 |
| 2020-05-15 | CVE-2020-10744 | Race Condition vulnerability in Redhat Ansible and Ansible Tower An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. | 5.0 |
| 2020-05-12 | CVE-2020-1746 | Information Exposure vulnerability in multiple products A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. | 5.0 |
| 2020-05-11 | CVE-2020-10685 | Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. | 5.5 |