The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Ansible Tower

Django: directory traversal via archive.extract
An attacker can traverse directories via archive.extract() of Django, in order to create a file outside the service root path...
CVE-2021-3281, DLA-2540-1, FEDORA-2021-5329c680f7, NTAP-20210226-0004, USN-4715-1, USN-4715-2, VIGILANCE-VUL-34447
Autobahn: spoofing via Redirect Header Injection
An attacker can create spoofed data via Redirect Header Injection of Autobahn, in order to deceive the victim...
CVE-2020-35678, openSUSE-SU-2021:0132-1, openSUSE-SU-2021:0152-1, openSUSE-SU-2021:0176-1, openSUSE-SU-2021:0180-1, VIGILANCE-VUL-34319
Node.js mathjs: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js mathjs, in order to escalate his privileges...
CVE-2020-7743, VIGILANCE-VUL-34306
Node.js angular.js: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js angular.js, in order to run JavaScript code in the context of the web site...
6361623, CVE-2020-7676, RHSA-2021:0967-01, RHSA-2021:0968-01, RHSA-2021:0969-01, RHSA-2021:0974-01, VIGILANCE-VUL-34248
Node.js node-forge: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js node-forge, in order to escalate his privileges...
CVE-2020-7720, NPM-1561, VIGILANCE-VUL-33463
Django REST Framework: Cross Site Scripting via Browseable API Viewer
An attacker can trigger a Cross Site Scripting via Browseable API Viewer of Django REST Framework, in order to run JavaScript code in the context of the web site...
CVE-2020-25626, openSUSE-SU-2021:0322-1, openSUSE-SU-2021:0338-1, VIGILANCE-VUL-33460
Ansible Tower: information disclosure via Named URLs
An attacker can bypass access restrictions to data via Named URLs of Ansible Tower, in order to obtain sensitive information...
CVE-2020-14337, VIGILANCE-VUL-33012
Ansible Tower: information disclosure via Labels
An attacker can bypass access restrictions to data via Labels of Ansible Tower, in order to obtain sensitive information...
CVE-2020-14329, VIGILANCE-VUL-33011
Ansible Tower: Cross Site Request Forgery via Webhooks
An attacker can trigger a Cross Site Request Forgery via Webhooks of Ansible Tower, in order to force the victim to perform operations...
CVE-2020-1432, DSA-2020-278, VIGILANCE-VUL-33010
Ansible Tower: Cross Site Request Forgery via Credentials
An attacker can trigger a Cross Site Request Forgery via Credentials of Ansible Tower, in order to force the victim to perform operations...
CVE-2020-14327, VIGILANCE-VUL-33009