Ansible Tower
Vulnerabilities
120
Known exploited
1
Max CVSS
9.8
Top EPSS
0.98507
Severity breakdown
Critical
3
High
39
Medium
65
Low
13
Affected version ranges
3.0–3.5.03.1.0–3.1.83.4.0–3.4.53.5.0–3.5.33.5.0–3.5.43.6.0–3.6.23.6.0–3.6.5< 3.0.3< 3.1.5< 3.2.4< 3.3.3< 3.3.5< 3.4.6< 3.5.6< 3.6.5< 3.6.7< 3.7.0< 3.7.2< 3.8.2≤ 3.2.3≤ 3.3.4≤ 3.3.5≤ 3.4.5
Also matched as (raw): ansible tower,ansible_tower,ansible,cloudforms_management_engine,enterprise_linux_desktop,ansible_automation_platform_early_access,openstack,enterprise_linux_server,enterprise_linux_workstation,ansible_automation_platform_text-only_advisories,ansible_engine,ansible-tower
Top vulnerabilities
CVE-2018-7750transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-1000805Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
BDU:2024-09951Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путем отправки специально сформированных данных на вход веб-приложения
CVE-2021-4112A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
CVE-2018-17456Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
CVE-2018-1104Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
CVE-2018-10884Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
CVE-2017-7530In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).
BDU:2020-01873Уязвимость функции kwajd_read_headers библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью файла формата KWAJ
BDU:2019-02721Уязвимость библиотеки Paramiko операционных систем Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization и консоли управления Red Hat Ansible Tower связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью SSH протокола
CVE-2019-14890A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
CVE-2017-12148A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
BDU:2019-04794Уязвимость компонента «/api/v2/config» консоли управления Red Hat Ansible Tower связана с незашифрованным хранением конфиденциальной информации. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к паролям пользователей приложения
CVE-2019-19340A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
BDU:2022-00756Уязвимость реализации модуля Class Cleaner библиотеки для обработки разметки XML и HTML Lxml связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществлять межсайтовые сценарные атаки с помощью специально созданных SVG-файлов
CVE-2019-5418There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2018-1101Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
CVE-2016-7070A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
CVE-2020-10684A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
CVE-2018-16837Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
CVE-2018-10905CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
BDU:2021-02749Уязвимость функции ngx_resolver_copy() сервера nginx связана с ошибкой единичного смещения в результате записи символа точки ('.', 0x2E) за пределы буфера кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании путем отправки специально созданных UDP-пакетов
CVE-2020-1737A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
CVE-2018-3760There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
CVE-2012-6685Nokogiri before 1.5.4 is vulnerable to XXE attacks