cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-3248,https://securityvulnerability.io/vulnerability/CVE-2022-3248,"Openshift api admission checks does not enforce ""custom-host"" permissions","A flaw was found in OpenShift API, as admission checks do not enforce ""custom-host"" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.",Red Hat,"Kubernetes,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Tower 3,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4",4.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2023-10-05T13:28:27.973Z,0
CVE-2020-10782,https://securityvulnerability.io/vulnerability/CVE-2020-10782,Sensitive Information Exposure in Ansible by Red Hat,"A vulnerability in Ansible version 3.7.0 allows for the exposure of sensitive information, such as tokens and secrets, due to improperly set world-readable permissions in the rsyslog configuration file. This flaw poses a risk to confidentiality as unintended access to sensitive data may occur. Users are encouraged to update to Ansible version 3.7.1, where this issue has been addressed.",Red Hat,Ansible Tower,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-06-18T12:49:07.000Z,0
CVE-2019-19341,https://securityvulnerability.io/vulnerability/CVE-2019-19341,File Permissions Flaw in Ansible Tower by Red Hat,"A vulnerability exists in Ansible Tower versions prior to 3.6.2, where files in the '/var/backup/tower' directory are left world-readable. This includes critical data such as the SECRET_KEY and database backups. Any user with access to the server and knowledge of backup schedules can potentially retrieve all stored credentials, which poses a significant security risk.",Red Hat,Tower,5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-19T20:24:18.000Z,0
CVE-2019-19342,https://securityvulnerability.io/vulnerability/CVE-2019-19342,Password Parsing Flaw in Ansible Tower by Red Hat,"A vulnerability exists in Ansible Tower that occurs when a websocket request is made with a password containing the '#' character. This flaw leads to a socket error in RabbitMQ during password parsing, resulting in an HTTP error code 500 and a potential leak of the password in plaintext. As attackers may exploit this weakness, predictable passwords could be easily guessed or subjected to brute-force techniques, increasing the risk of unauthorized access.",Red Hat,Tower,5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2019-12-19T20:20:01.000Z,0
CVE-2019-19340,https://securityvulnerability.io/vulnerability/CVE-2019-19340,Exposure of RabbitMQ Management Interface in Ansible Tower,"A security misconfiguration was identified in Ansible Tower, affecting versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.3. When the RabbitMQ management interface is enabled using the flag '-e rabbitmq_enable_manager=true', it becomes exposed to the public. If the default admin account remains active, it presents an opportunity for attackers to exploit weak or guessed passwords, potentially allowing unauthorized access to the system.",Red Hat,Tower,8.2,HIGH,0.001970000099390745,false,,false,false,false,,,false,false,,2019-12-19T20:16:46.000Z,0
CVE-2019-3869,https://securityvulnerability.io/vulnerability/CVE-2019-3869,Environment Variable Exposure in Ansible Tower on OpenShift and Kubernetes,"Ansible Tower versions before 3.4.3, when deployed on OpenShift or Kubernetes, expose sensitive application credentials through environment variables during playbook job executions. This flaw allows any malicious user with permission to create or modify playbooks to potentially escalate their privileges, granting them unauthorized access and control over the application.",Red Hat,Tower,7.2,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2019-03-28T13:04:59.000Z,0
CVE-2016-7070,https://securityvulnerability.io/vulnerability/CVE-2016-7070,Privilege Escalation Vulnerability in Ansible Tower by Red Hat,"A security flaw exists in Ansible Tower prior to version 3.0.3 where the system incorrectly sets the trust level for the PostgreSQL database's postgres user. This misconfiguration potentially allows an attacker to exploit the vulnerability to gain unauthorized administrative access to the database, posing significant security risks to data integrity and confidentiality.",Red Hat,Ansible Tower,8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-09-11T13:00:00.000Z,0
CVE-2017-7528,https://securityvulnerability.io/vulnerability/CVE-2017-7528,CRLF Injection Vulnerability in Red Hat CloudForms Management Engine,"The Ansible Tower component within the Red Hat CloudForms Management Engine 5 is susceptible to a CRLF injection vulnerability through the X-Forwarded-For header. This flaw enables internal servers to initiate the deployment of unauthorized systems via callback mechanisms, raising significant security concerns. Organizations using this software must take immediate measures to mitigate the risk associated with this vulnerability to protect their infrastructure from potential exploitation.",Red Hat,Ansible Tower,5.2,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2018-08-22T16:00:00.000Z,0
CVE-2018-10884,https://securityvulnerability.io/vulnerability/CVE-2018-10884,Cross-Site Request Forgery Vulnerability in Ansible Tower by Red Hat,"Ansible Tower prior to versions 3.1.8 and 3.2.6 is susceptible to a cross-site request forgery (CSRF) vulnerability, located in awx/api/authentication.py. This vulnerability allows an attacker to manipulate authenticated sessions, potentially enabling unauthorized actions by tricking users into accessing a malicious webpage that hijacks their authtoken cookie.",Red Hat,Ansible-tower,8.8,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2018-08-22T14:00:00.000Z,0
CVE-2017-12148,https://securityvulnerability.io/vulnerability/CVE-2017-12148,Vulnerability in Ansible Tower's Interface Affects SCM Repository Management,"A vulnerability exists in Ansible Tower's interface versions prior to 3.1.5 and 3.2.0 related to SCM repository definitions. If the 'delete before update' flag is not enabled, an attacker with commit privileges to the upstream playbook repository can craft a malicious playbook. This Trojan playbook, once executed by Tower, can modify the SCM repository, introducing git hooks that may execute arbitrary commands in the context of the user under which Tower is running.",Red Hat,Ansible Tower,8.4,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2018-07-27T16:00:00.000Z,0
CVE-2018-1104,https://securityvulnerability.io/vulnerability/CVE-2018-1104,Arbitrary Code Execution Vulnerability in Ansible Tower by Red Hat,"Ansible Tower, up to version 3.2.3, contains a vulnerability that permits users with permissions to define variables for a job template to execute arbitrary code on the Tower server. This flaw can potentially allow unauthorized actions, leading to severe impacts on the system’s integrity. It is essential for users of Ansible Tower to apply the necessary patches immediately to mitigate any risks associated with this issue.",Red Hat,Ansible Tower,8.8,HIGH,0.003389999968931079,false,,false,false,false,,,false,false,,2018-05-02T19:29:00.000Z,0
CVE-2018-1101,https://securityvulnerability.io/vulnerability/CVE-2018-1101,Privilege Escalation Flaw in Ansible Tower by Red Hat,"A significant flaw exists in Ansible Tower prior to version 3.2.4, which may allow organization administrators to reset the passwords of system administrators. This privilege escalation can lead to unauthorized access to sensitive systems and data, as organization administrators gain access to the entire Ansible Tower system, undermining its security framework. Users of Ansible Tower are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Red Hat,Ansible Tower,7.2,HIGH,0.0024500000290572643,false,,false,false,false,,,false,false,,2018-05-02T18:29:00.000Z,0