Red Hat Ansible Tower 3.7.3

CPE Details

Red Hat Ansible Tower 3.7.3
redhat
ansible_tower
3.7.3
2021-03-09
18h32 +00:00
2021-04-21
13h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:ansible_tower:3.7.3:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

ansible_tower

Version

3.7.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3447 2021-03-31 22h00 +00:00 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
5.5
Medium
CVE-2021-20253 2021-03-09 16h14 +00:00 A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
6.7
Medium