Ansible Tower vulnerabilities
3 known vulnerabilities affecting ansible/tower.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2015-1481P3MEDIUMCVSS 6.5PoC≤ 2.0.42015-02-04
CVE-2015-1481 [MEDIUM] CWE-264 CVE-2015-1481: Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privil
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
nvd
CVE-2015-1482P3MEDIUMCVSS 5.0PoC≤ 2.0.42015-02-04
CVE-2015-1482 [MEDIUM] CWE-200 CVE-2015-1482: Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obt
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
nvd
CVE-2015-1368P4MEDIUMCVSS 4.3PoC≤ 2.0.22015-01-27
CVE-2015-1368 [MEDIUM] CWE-79 CVE-2015-1368: Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 a
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
nvd