CVE-2020-14328

CWE-918 — Server-Side Request Forgery (SSRF)5 documents5 sources

Severity

3.3LOW

EPSS

0.0%

top 89.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Tower

Timeline

PublishedMay 27

Latest updateMay 24

Description

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDredhat/ansible_tower< 3.7.2

▶CVEListV5toweransible_tower 3.7.2

🔴Vulnerability Details

GHSA

GHSA-f2f4-jwfq-4q5v: A flaw was found in Ansible Tower in versions before 3↗2022-05-24

▶

CVEList

CVE-2020-14328: A flaw was found in Ansible Tower in versions before 3↗2021-05-27

▶

📋Vendor Advisories

Red Hat

Tower: SSRF: Server Side Request Forgery on webhooks↗2020-07-14

▶

💬Community

Bugzilla

CVE-2020-14328 Tower: SSRF: Server Side Request Forgery on webhooks↗2020-07-14

▶