CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19340 – Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly
https://notcve.org/view.php?id=CVE-2019-19340
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a 3.5.3, donde habilitar el administrador de RabbitMQ configu... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19341 – Tower: intermediate files during Tower backup are world-readable
https://notcve.org/view.php?id=CVE-2019-19341
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2, donde los archivos en "/var/backup/tower" pueden ser wor... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19342 – Tower: special characters in RabbitMQ passwords causes web socket 500 error
https://notcve.org/view.php?id=CVE-2019-19342
17 Dec 2019 — A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19342 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14890 – Tower: RHSM username and password exposed after license application
https://notcve.org/view.php?id=CVE-2019-14890
25 Nov 2019 — A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. Se encontró una vulnerabilidad en Ansible Tower anterior de la versión 3.6.1, donde un atacante con pocos privilegios podía recuperar nombres de usuario y credenciales de contraseñas del nuevo RHSM guardado en texto plano en la base de datos en '/ api... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 1%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
20 Nov 2019 — Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14858 – ansible: sub parameters marked as no_log are not masked in certain failure scenarios
https://notcve.org/view.php?id=CVE-2019-14858
14 Oct 2019 — A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. Se detectó una vul... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10310
https://notcve.org/view.php?id=CVE-2019-10310
30 Apr 2019 — A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins Una vulnerabilidad de tipo cross-site request forgery en Jenkins Ansible Tower Plugin versión 0.9.1 y anteriores en el método de comprobac... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10311
https://notcve.org/view.php?id=CVE-2019-10311
30 Apr 2019 — A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una falta de comprobación de permiso en Jenkins Ansible Tower plugin versión 0.9.1 y versiones anteriores en el método de comprobación ... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10312
https://notcve.org/view.php?id=CVE-2019-10312
30 Apr 2019 — A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Ansible Tower Plugin versión 0.9.1 y anteriores, en el método TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems permitió a los atacantes con permiso Overall/Read... • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3869 – Tower: credentials leaked through environment variables
https://notcve.org/view.php?id=CVE-2019-3869
28 Mar 2019 — When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges. Al ejecutar Tower, en versiones anteriores a la 3.4.3 en OpenShift o Kubernetes, las credenciales de aplicación se exponen a ejecuciones "playbook job" mediante variables de entorno. Un usuario malicioso capacitado para escribir playbooks podría utilizar esto para ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-214: Invocation of Process Using Visible Sensitive Information •