The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ansible Tower

vulnerability bulletin CVE-2018-16879

Ansible Tower: information disclosure via AMQP RabbitMQ Celery Workers Messaging

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via AMQP RabbitMQ Celery Workers Messaging of Ansible Tower, in order to obtain sensitive information.
Impacted products: Ansible Tower.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 04/01/2019.
Identifiers: 1658394, CVE-2018-16879, VIGILANCE-VUL-28163.

Description of the vulnerability

An attacker can bypass access restrictions to data via AMQP RabbitMQ Celery Workers Messaging of Ansible Tower, in order to obtain sensitive information.

vulnerability note CVE-2018-10884

Ansible Tower: Cross Site Request Forgery via awx/api/authentication.py

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via awx/api/authentication.py of Ansible Tower, in order to force the victim to perform operations.
Impacted products: Ansible Tower.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 23/08/2018.
Identifiers: 1597069, CVE-2018-10884, VIGILANCE-VUL-27064.

Description of the vulnerability

The Ansible Tower product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via awx/api/authentication.py of Ansible Tower, in order to force the victim to perform operations.

vulnerability CVE-2018-1104

Ansible Tower: code execution via Job Template Variables

Synthesis of the vulnerability

An attacker can use a vulnerability via Job Template Variables of Ansible Tower, in order to run code.
Impacted products: Ansible Tower.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 03/05/2018.
Identifiers: 1565862, CVE-2018-1104, VIGILANCE-VUL-26040.

Description of the vulnerability

An attacker can use a vulnerability via Job Template Variables of Ansible Tower, in order to run code.

computer vulnerability note CVE-2018-1101

Ansible Tower: privilege escalation via Organization Administrators

Synthesis of the vulnerability

An attacker can bypass restrictions via Organization Administrators of Ansible Tower, in order to escalate his privileges.
Impacted products: Ansible Tower.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/05/2018.
Identifiers: 1563492, CVE-2018-1101, VIGILANCE-VUL-26039.

Description of the vulnerability

An attacker can bypass restrictions via Organization Administrators of Ansible Tower, in order to escalate his privileges.

vulnerability note CVE-2017-12148

Ansible Tower: code execution via SCM Repository Git Hooks

Synthesis of the vulnerability

An attacker can use a vulnerability via SCM Repository Git Hooks of Ansible Tower, in order to run code.
Impacted products: Ansible Tower.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 20/10/2017.
Identifiers: CVE-2017-12148, VIGILANCE-VUL-24194.

Description of the vulnerability

An attacker can use a vulnerability via SCM Repository Git Hooks of Ansible Tower, in order to run code.

vulnerability announcement CVE-2016-7070

Ansible Tower: privilege escalation via PostgreSQL

Synthesis of the vulnerability

An attacker can bypass restrictions via PostgreSQL of Ansible Tower, in order to escalate his privileges.
Impacted products: Ansible Tower.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 02/11/2016.
Identifiers: CVE-2016-7070, VIGILANCE-VUL-21012.

Description of the vulnerability

An attacker can bypass restrictions via PostgreSQL of Ansible Tower, in order to escalate his privileges.