Known Vulnerabilities for Ansible Tower by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Ansible Tower" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-20253 json | A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to ele... | 6.7 - MEDIUM | 2021-03-09 | 2021-06-02 |
| CVE-2021-20228 json | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_l... | 7.5 - HIGH | 2021-04-29 | 2023-11-07 |
| CVE-2021-20191 json | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by... | 5.5 - MEDIUM | 2021-05-26 | 2023-12-28 |
| CVE-2021-20178 json | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the sec... | 5.5 - MEDIUM | 2021-05-26 | 2023-12-28 |
| CVE-2021-4112 json | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an a... | 8.8 - HIGH | 2022-08-25 | 2023-02-12 |
| CVE-2021-3583 json | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through fact... | 7.1 - HIGH | 2021-09-22 | 2023-12-28 |
| CVE-2021-3533 json | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When t... | Not Provided | 2021-06-09 | 2024-01-23 |
| CVE-2021-3532 json | A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes t... | Not Provided | 2021-06-09 | 2024-01-15 |
| CVE-2021-3447 json | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in p... | 5.5 - MEDIUM | 2021-04-01 | 2023-12-28 |
| CVE-2020-14365 json | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when in... | 7.1 - HIGH | 2020-09-23 | 2022-04-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ansible Tower | 3.7.2 | |||
| Application | Redhat | Ansible Tower | 3.7.1 | |||
| Application | Redhat | Ansible Tower | 3.7.0 | |||
| Application | Redhat | Ansible Tower | 3.6.5 | |||
| Application | Redhat | Ansible Tower | 3.6.4 | |||
| Application | Redhat | Ansible Tower | 3.6.3 | |||
| Application | Redhat | Ansible Tower | 3.6.2 | |||
| Application | Redhat | Ansible Tower | 3.6.1 | |||
| Application | Redhat | Ansible Tower | 3.6.0 | |||
| Application | Redhat | Ansible Tower | 3.5.6 | |||
| Application | Redhat | Ansible Tower | 3.5.5 | |||
| Application | Redhat | Ansible Tower | 3.5.4 | |||
| Application | Redhat | Ansible Tower | 3.5.3 | |||
| Application | Redhat | Ansible Tower | 3.5.2 | |||
| Application | Redhat | Ansible Tower | 3.5.1 | |||
| Application | Redhat | Ansible Tower | 3.5.0 | |||
| Application | Redhat | Ansible Tower | 3.4.5 | |||
| Application | Redhat | Ansible Tower | 3.4.4 | |||
| Application | Redhat | Ansible Tower | 3.4.3 | |||
| Application | Redhat | Ansible Tower | 3.4.2 |