
CVE-2021-3583 – ansible: Template Injection through yaml multi-line strings with ansible facts used in template.
https://notcve.org/view.php?id=CVE-2021-3583
07 Jul 2021 — A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1968412 • CWE-20: Improper Input Validation • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2020-10709
https://notcve.org/view.php?id=CVE-2020-10709
27 May 2021 — A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6. • https://bugzilla.redhat.com/show_bug.cgi?id=1824033 • CWE-287: Improper Authentication • CWE-613: Insufficient Session Expiration

CVE-2020-10698
https://notcve.org/view.php?id=CVE-2020-10698
27 May 2021 — A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. • https://bugzilla.redhat.com/show_bug.cgi?id=1818924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-10697
https://notcve.org/view.php?id=CVE-2020-10697
27 May 2021 — A flaw was found in Ansible Tower when running OpenShift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place ... • https://bugzilla.redhat.com/show_bug.cgi?id=1818445 • CWE-862: Missing Authorization

CVE-2021-3447 – ansible: multiple modules expose secured values
https://notcve.org/view.php?id=CVE-2021-3447
01 Apr 2021 — A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This f... • https://bugzilla.redhat.com/show_bug.cgi?id=1939349 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2021-20253 – ansible-tower: Privilege escalation via job isolation escape
https://notcve.org/view.php?id=CVE-2021-20253
09 Mar 2021 — A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape, allowing an attacker to elevate the privilege from a low-privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/mbadanoiu/CVE-2021-20253 • CWE-552: Files or Directories Accessible to External Parties

CVE-2020-14365 – ansible: dnf module install packages with no GPG signature
https://notcve.org/view.php?id=CVE-2020-14365
02 Sep 2020 — A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1869154 • CWE-347: Improper Verification of Cryptographic Signature

CVE-2020-14327 – Tower: SSRF: Server Side Request Forgery on Credential
https://notcve.org/view.php?id=CVE-2020-14327
05 Aug 2020 — A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response. • https://bugzilla.redhat.com/show_bug.cgi?id=1856785 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2020-14329 – Tower: Sensitive Data Exposure on Label
https://notcve.org/view.php?id=CVE-2020-14329
05 Aug 2020 — A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1856787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-14328 – Tower: SSRF: Server Side Request Forgery on webhooks
https://notcve.org/view.php?id=CVE-2020-14328
05 Aug 2020 — A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL, which could lead to the server processing it, connecting to internal services or exposing additional internal services, and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1856786 • CWE-918: Server-Side Request Forgery (SSRF)