CPE-3C489D25-125A-40D2-B7D2-25505CDF797E Detail

CPE Details

Red Hat Ansible Tower 3.7.2

Vendor

redhat

Product

ansible_tower

Version

3.7.2

Created

2021-02-10
12h54 +00:00

Modified

2021-02-10
12h54 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:ansible_tower:3.7.2:::::::*

Informations

Vendor

redhat

Product

ansible_tower

Version

3.7.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2021-3447	2021-03-31 22h00 +00:00	A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.	5.5	Medium
CVE-2021-20253	2021-03-09 16h14 +00:00	A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	6.7	Medium
CVE-2020-14365	2020-09-23 10h25 +00:00	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	7.1	High
CVE-2020-1736	2020-03-16 14h03 +00:00	A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.	3.3	Low

Red Hat Ansible Tower 3.7.2

CPE Details

CPE Name: cpe:2.3:a:redhat:ansible_tower:3.7.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:ansible_tower:3.7.2:::::::*