cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-3248,https://securityvulnerability.io/vulnerability/CVE-2022-3248,"Openshift api admission checks does not enforce ""custom-host"" permissions","A flaw was found in OpenShift API, as admission checks do not enforce ""custom-host"" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.",Red Hat,"Kubernetes,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Tower 3,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4",4.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2023-10-05T13:28:27.973Z,0
CVE-2020-10782,https://securityvulnerability.io/vulnerability/CVE-2020-10782,Sensitive Information Exposure in Ansible by Red Hat,"A vulnerability in Ansible version 3.7.0 allows for the exposure of sensitive information, such as tokens and secrets, due to improperly set world-readable permissions in the rsyslog configuration file. This flaw poses a risk to confidentiality as unintended access to sensitive data may occur. Users are encouraged to update to Ansible version 3.7.1, where this issue has been addressed.",Red Hat,Ansible Tower,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-18T12:49:07.000Z,0
CVE-2019-19341,https://securityvulnerability.io/vulnerability/CVE-2019-19341,File Permissions Flaw in Ansible Tower by Red Hat,"A vulnerability exists in Ansible Tower versions prior to 3.6.2, where files in the '/var/backup/tower' directory are left world-readable. This includes critical data such as the SECRET_KEY and database backups. Any user with access to the server and knowledge of backup schedules can potentially retrieve all stored credentials, which poses a significant security risk.",Red Hat,Tower,5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-19T20:24:18.000Z,0
CVE-2019-19342,https://securityvulnerability.io/vulnerability/CVE-2019-19342,Password Parsing Flaw in Ansible Tower by Red Hat,"A vulnerability exists in Ansible Tower that occurs when a websocket request is made with a password containing the '#' character. This flaw leads to a socket error in RabbitMQ during password parsing, resulting in an HTTP error code 500 and a potential leak of the password in plaintext. As attackers may exploit this weakness, predictable passwords could be easily guessed or subjected to brute-force techniques, increasing the risk of unauthorized access.",Red Hat,Tower,5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2019-12-19T20:20:01.000Z,0
CVE-2019-19340,https://securityvulnerability.io/vulnerability/CVE-2019-19340,Exposure of RabbitMQ Management Interface in Ansible Tower,"A security misconfiguration was identified in Ansible Tower, affecting versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.3. When the RabbitMQ management interface is enabled using the flag '-e rabbitmq_enable_manager=true', it becomes exposed to the public. If the default admin account remains active, it presents an opportunity for attackers to exploit weak or guessed passwords, potentially allowing unauthorized access to the system.",Red Hat,Tower,8.2,HIGH,0.001970000099390745,false,,false,false,false,,,false,false,,2019-12-19T20:16:46.000Z,0
CVE-2019-3869,https://securityvulnerability.io/vulnerability/CVE-2019-3869,,"When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.",Red Hat,Tower,7.2,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2019-03-28T13:04:59.000Z,0
CVE-2016-7070,https://securityvulnerability.io/vulnerability/CVE-2016-7070,,"A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin-level access to the database.",Red Hat,Ansible Tower,8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-11T13:00:00.000Z,0
CVE-2017-7528,https://securityvulnerability.io/vulnerability/CVE-2017-7528,,Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).,Red Hat,Ansible Tower,5.2,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2018-08-22T16:00:00.000Z,0
CVE-2018-10884,https://securityvulnerability.io/vulnerability/CVE-2018-10884,,Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.,Red Hat,Ansible-tower,8.8,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2018-08-22T14:00:00.000Z,0
CVE-2017-12148,https://securityvulnerability.io/vulnerability/CVE-2017-12148,,"A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked-out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.",Red Hat,Ansible Tower,8.4,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2018-07-27T16:00:00.000Z,0
CVE-2018-1104,https://securityvulnerability.io/vulnerability/CVE-2018-1104,,Ansible Tower through version 3.2.3 has a vulnerability that allows users whose only access is to define variables for a job template to execute arbitrary code on the Tower server.,Red Hat,Ansible Tower,8.8,HIGH,0.003389999968931079,false,,false,false,false,,,false,false,,2018-05-02T19:29:00.000Z,0
CVE-2018-1101,https://securityvulnerability.io/vulnerability/CVE-2018-1101,,"Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators who are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.",Red Hat,Ansible Tower,7.2,HIGH,0.0024500000290572643,false,,false,false,false,,,false,false,,2018-05-02T18:29:00.000Z,0