Known Vulnerabilities for Ansible Tower by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Ansible Tower" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-20253 | A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to ele... | 6.7 - MEDIUM | 2021-03-09 | 2021-06-02 |
| CVE-2021-20228 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_l... | 7.5 - HIGH | 2021-04-29 | 2023-11-07 |
| CVE-2021-20191 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by... | 5.5 - MEDIUM | 2021-05-26 | 2023-12-28 |
| CVE-2021-20178 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the sec... | 5.5 - MEDIUM | 2021-05-26 | 2023-12-28 |
| CVE-2021-4112 | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an a... | 8.8 - HIGH | 2022-08-25 | 2023-02-12 |
| CVE-2021-3583 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through fact... | 7.1 - HIGH | 2021-09-22 | 2023-12-28 |
| CVE-2021-3533 | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When t... | Not Provided | 2021-06-09 | 2024-01-23 |
| CVE-2021-3532 | A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes t... | Not Provided | 2021-06-09 | 2024-01-15 |
| CVE-2021-3447 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in p... | 5.5 - MEDIUM | 2021-04-01 | 2023-12-28 |
| CVE-2020-1733 | A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook ... | 5 - MEDIUM | 2020-03-11 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ansible Tower | 3.7.2 | All | All | All |
| Application | Redhat | Ansible Tower | 3.7.1 | All | All | All |
| Application | Redhat | Ansible Tower | 3.7.0 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.5 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.4 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.3 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.2 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.1 | All | All | All |
| Application | Redhat | Ansible Tower | 3.6.0 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.6 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.5 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.4 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.3 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.2 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.1 | All | All | All |
| Application | Redhat | Ansible Tower | 3.5.0 | All | All | All |
| Application | Redhat | Ansible Tower | 3.4.5 | All | All | All |
| Application | Redhat | Ansible Tower | 3.4.4 | All | All | All |
| Application | Redhat | Ansible Tower | 3.4.3 | All | All | All |
| Application | Redhat | Ansible Tower | 3.4.2 | All | All | All |