The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Ansible Tower

Node.js node-forge: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js node-forge, in order to escalate his privileges...
CVE-2020-7720, NPM-1561, VIGILANCE-VUL-33463
Ansible Tower: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Ansible Tower, in order to run JavaScript code in the context of the web site...
CVE-2020-25626, VIGILANCE-VUL-33460
Ansible Tower: information disclosure via Named URLs
An attacker can bypass access restrictions to data via Named URLs of Ansible Tower, in order to obtain sensitive information...
CVE-2020-14337, VIGILANCE-VUL-33012
Ansible Tower: information disclosure via Labels
An attacker can bypass access restrictions to data via Labels of Ansible Tower, in order to obtain sensitive information...
CVE-2020-14329, VIGILANCE-VUL-33011
Ansible Tower: Cross Site Request Forgery via Webhooks
An attacker can trigger a Cross Site Request Forgery via Webhooks of Ansible Tower, in order to force the victim to perform operations...
CVE-2020-1432, DSA-2020-278, VIGILANCE-VUL-33010
Ansible Tower: Cross Site Request Forgery via Credentials
An attacker can trigger a Cross Site Request Forgery via Credentials of Ansible Tower, in order to force the victim to perform operations...
CVE-2020-14327, VIGILANCE-VUL-33009
Ansible Tower: information disclosure via World Readable Configuration Files
An attacker can bypass access restrictions to data via World Readable Configuration Files of Ansible Tower, in order to obtain sensitive information...
CVE-2020-10782, VIGILANCE-VUL-32585
Ansible Tower: three vulnerabilities
An attacker can use several vulnerabilities of Ansible Tower...
CVE-2020-10697, CVE-2020-10698, CVE-2020-10709, VIGILANCE-VUL-32093
Python Twisted: information disclosure via HTTP Request Splitting
An attacker can bypass access restrictions to data via HTTP Request Splitting of Python Twisted, in order to obtain sensitive information...
CVE-2020-10108, CVE-2020-10109, DLA-2145-1, DLA-2145-2, RHSA-2020:1561-01, RHSA-2020:1962-01, USN-4308-1, USN-4308-2, VIGILANCE-VUL-31817
Django: SQL injection via Tolerance Parameter
An attacker can use a SQL injection via Tolerance Parameter of Django, in order to read or alter data...
CVE-2020-9402, DSA-4705-1, USN-4296-1, VIGILANCE-VUL-31723
Our database contains other pages. You can request a free trial to read them.

Display information about Ansible Tower: