Product:

Ansible_tower

(Redhat)
Repositories https://github.com/kyz/libmspack
https://github.com/git/git
#Vulnerabilities 65
Date Id Summary Products Score Patch Annotated
2021-04-01 CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data... Fedora, Ansible, Ansible_tower 5.5
2021-05-26 CVE-2021-20178 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. Fedora, Ansible, Ansible_tower 5.5
2021-05-26 CVE-2021-20191 A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. Virtualization, Ansible, Ansible_tower, Cisco_nx\-Os_collection, Community_general_collection, Community_network_collection, Docker_community_collection, Google_cloud_platform_ansible_collection 5.5
2021-09-22 CVE-2021-3583 A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. Ansible_automation_platform, Ansible_engine, Ansible_tower 7.1
2018-06-13 CVE-2018-0495 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Ubuntu_linux, Debian_linux, Libgcrypt, Traffic_director, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 4.7