CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19342 – Tower: special characters in RabbitMQ passwords causes web socket 500 error
https://notcve.org/view.php?id=CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a 3.5.4, cuando /websocket es solicitado y la contraseña contiene el carácter "#". Esta petición provocaría un error de socket en RabbitMQ al analizar la contraseña y se producirá un código de error HTTP 500 y una divulgación de contraseña parcial en texto plano. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19342 https://access.redhat.com/security/cve/CVE-2019-19342 https://bugzilla.redhat.com/show_bug.cgi?id=1782623 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19340 – Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly
https://notcve.org/view.php?id=CVE-2019-19340
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2 y versiones 3.5.x anteriores a 3.5.3, donde habilitar el administrador de RabbitMQ configurándolo con "-e rabbitmq_enable_manager=true" expone la interfaz de administración de RabbitMQ públicamente, como era esperado. Si el usuario administrador predeterminado aún está activo, un atacante podría adivinar la contraseña y conseguir acceso al sistema. A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340 https://access.redhat.com/security/cve/CVE-2019-19340 https://bugzilla.redhat.com/show_bug.cgi?id=1782624 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19341 – Tower: intermediate files during Tower backup are world-readable
https://notcve.org/view.php?id=CVE-2019-19341
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. Se encontró un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2, donde los archivos en "/var/backup/tower" pueden ser world-readable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341 https://access.redhat.com/security/cve/CVE-2019-19341 https://bugzilla.redhat.com/show_bug.cgi?id=1782625 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14890 – Tower: RHSM username and password exposed after license application
https://notcve.org/view.php?id=CVE-2019-14890
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license. Se encontró una vulnerabilidad en Ansible Tower anterior de la versión 3.6.1, donde un atacante con pocos privilegios podía recuperar nombres de usuario y credenciales de contraseñas del nuevo RHSM guardado en texto plano en la base de datos en '/ api / v2 / config' al aplicar la licencia de Ansible Tower. A flaw was found in Ansible Tower where the RHSM credentials are saved in plain text in the database that is available at '/api/v2/config' after applying the Ansible Tower license. Attackers with this information could log into RHSM and modify licenses and make other changes. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890 https://access.redhat.com/security/cve/CVE-2019-14890 https://bugzilla.redhat.com/show_bug.cgi?id=1773622 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los plugins de devolución de llamada Sumologic y Splunk son usados para enviar eventos de resultados de tareas para coleccionistas. Esto revelaría y recolectaría cualquier información confidencial. A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag no_log is enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864 https://github.com/ansible/ansible/issues/63522 https://github.com/ansible/ansible/pull/63527 https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14864 https://bugzilla.redhat.com/show_bug.cgi?id=1764148 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •