Vulnerabilities > Redhat > Ansible Tower > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-11 CVE-2020-10685 Incomplete Cleanup vulnerability in multiple products
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules.
local
low complexity
redhat debian CWE-459
5.5
2020-04-30 CVE-2020-10691 Path Traversal vulnerability in Redhat Ansible Engine and Ansible Tower
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install.
local
low complexity
redhat CWE-22
5.2
2020-03-31 CVE-2019-14905 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices.
local
low complexity
redhat fedoraproject opensuse CWE-668
5.6
2020-03-16 CVE-2020-1740 A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files.
local
high complexity
redhat debian fedoraproject
4.7
2020-03-16 CVE-2020-1735 A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject
4.6
2020-03-16 CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module.
local
low complexity
redhat debian fedoraproject
5.5
2020-03-11 CVE-2020-1733 Race Condition vulnerability in multiple products
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user.
local
high complexity
redhat fedoraproject debian CWE-362
5.0
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors.
network
low complexity
redhat debian opensuse
6.5
2019-12-19 CVE-2019-19342 Information Exposure Through an Error Message vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character.
network
low complexity
redhat CWE-209
5.3
2019-12-19 CVE-2019-19341 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable.
local
low complexity
redhat CWE-732
5.5