Redhat Ansible Tower vulnerabilities

CVE-2021-4112 [HIGH] CWE-552 CVE-2021-4112: A flaw was found in ansible-tower where the default installation is vulnerable to job isolation esca A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

CVE-2021-3583 [HIGH] CWE-20 CVE-2021-3583: A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This iss A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, whi

CVE-2020-10709 [HIGH] CWE-287 CVE-2020-10709: A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 applicatio A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access

CVE-2020-14327 [MEDIUM] CWE-918 CVE-2020-14327: A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and be A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature

CVE-2020-10697 [MEDIUM] CWE-862 CVE-2020-10697: A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which me

CVE-2020-14329 [LOW] CWE-200 CVE-2020-14329: A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can b A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.

CVE-2020-10698 [LOW] CWE-200 CVE-2020-10698: A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdo A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower v

CVE-2020-14328 [LOW] CWE-918 CVE-2020-14328: A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can b A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability i

CVE-2021-20178 [MEDIUM] CWE-532 CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default and A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVE-2021-20191 [MEDIUM] CWE-532 CVE-2021-20191: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by def A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are

CVE-2021-20228 [HIGH] CWE-200 CVE-2021-20228: A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

CVE-2021-3447 [MEDIUM] CWE-532 CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as secret A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal th

CVE-2021-20253 [MEDIUM] CWE-552 CVE-2021-20253: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape al A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14365 [HIGH] CWE-347 CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the syst

CVE-2020-14337 [MEDIUM] CWE-209 CVE-2020-14337: A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return erro A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-10782 [MEDIUM] CWE-200 CVE-2020-10782: An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.

CVE-2020-10744 [MEDIUM] CWE-377 CVE-2020-10744: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary direct An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansib

CVE-2020-1746 [MEDIUM] CWE-200 CVE-2020-1746: A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8 A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if

CVE-2020-10685 [MEDIUM] CWE-459 CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x b A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary dir

CVE-2020-10691 [MEDIUM] CWE-22 CVE-2020-10691: An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when runnin An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.