what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Ansible Tower 2.0.2 XSS / Privilege Escalation / Authentication Missing
Posted Jan 14, 2015
Authored by Manuel Hofer | Site sec-consult.com

Ansible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6e3115b310156299b33941a1b818a51f6f4f245f77904472bfc207672fab5870

Related Files

Red Hat Security Advisory 2022-0482-01
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0482-01 - Red Hat Ansible Tower provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Tower makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4112
SHA-256 | 28459881165934293900b4a0954054c6415064367de18c25933d5847235a8b75
Red Hat Security Advisory 2021-3473-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3473-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat, windows
advisories | CVE-2021-33503
SHA-256 | c402e7fa5f24e7949b86c443dcb2450ee977096d6f466a3d7bd35b13731308b5
Red Hat Security Advisory 2021-0780-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0780-01 - Red Hat Ansible Tower 3.8.2-1 has a security and bug fix update. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253, CVE-2021-3281
SHA-256 | a31c39fa66b6bc6b23e3b19170fc67487d8151e576474565c044fe7a2b50c600
Red Hat Security Advisory 2021-0778-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971
SHA-256 | b36485939bcc96f4f05a1b61fcc6c6e3aefa7b635d0f1eb06d546cdccf61da2a
Red Hat Security Advisory 2021-0779-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2019-20372, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253
SHA-256 | ffea5b924d380661bcc8195b96557d4036aa09a293d42a21776c1077e68571d1
Red Hat Security Advisory 2021-0781-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0781-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Issues addressed include code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat, windows
advisories | CVE-2020-15366, CVE-2020-7789, CVE-2021-20270, CVE-2021-3281
SHA-256 | 31eef7ec3b851813c547d30e87efc846893d2cc98b58d36edf0cac10328e2710
Red Hat Security Advisory 2020-5249-01
Posted Nov 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2019-18874, CVE-2020-11022, CVE-2020-11023, CVE-2020-7676, CVE-2020-7720, CVE-2020-7743
SHA-256 | 110dd18b4efb16ae0c10f48cfdb06ff0615e9ae0e93f088c11b253e73a4fd781
Red Hat Security Advisory 2020-4137-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4137-01 - Fixed an XSS vulnerability Fixed the Red Hat sosreport tool to no longer include the Ansible Tower SECRET_KEY value Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
SHA-256 | 3c45228725985140a00c8945df5dc1bd22d32fd30a3069bc0f2833320d9b2911
Red Hat Security Advisory 2020-4136-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login Fixed an XSS vulnerability Fixed a slow memory leak in the Daphne process Fixed Automation Analytics data gathering to no longer fail for customers with large datasets Fixed scheduled jobs that run every X minute or hour to no longer fail to run at the proper time Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled Fixed the performance for playbooks that store large amounts of data using the set_stats module Fixed the awx-manage remove_from_queue tool when used with isolated nodes Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.

tags | advisory, vulnerability, xss, memory leak, python
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
SHA-256 | d35bdae114c99ede1a241ed0ae74cb3f31fecb568f0fd7025cd59c44c369df33
Red Hat Security Advisory 2020-3328-01
Posted Aug 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3328-01 - Red Hat Ansible Tower 3.7.2-1 has addressed for security issues.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14327, CVE-2020-14328, CVE-2020-14329, CVE-2020-14337
SHA-256 | cc4215dd35492a4c347e20844f09b854f5035612f362b2be83a677a56904fb8b
Red Hat Security Advisory 2020-3329-01
Posted Aug 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3329-01 - Red Hat Ansible Tower has had multiple bug fixes addressed including a security issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14327
SHA-256 | 16d2744816a6d1503db52bf24043f2f829e30349a4d0ba4d63ce5621a8eac027
Red Hat Security Advisory 2020-2617-01
Posted Jun 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2617-01 - A large amount of updates has been made to Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container including one security fix.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10782
SHA-256 | 8ef8d25bfdc93e329e17947827668cb92bbae1de4b8dfbc32ce00b90e314fbd2
Red Hat Security Advisory 2019-4243-01
Posted Dec 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4243-01 - Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container updates have been released to address a multitude of security vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-19340, CVE-2019-19341, CVE-2019-19342
SHA-256 | 7548a339579890d2d2c343ddefd9501831a2e6eb618c43ee23ee635abbcb0731
Red Hat Security Advisory 2019-4242-01
Posted Dec 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4242-01 - Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container updates have been released to address a multitude of security vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-14864, CVE-2019-19340, CVE-2019-19341, CVE-2019-19342
SHA-256 | e2b55638dd441fc7e28c5b245e491a7ce76ba6e1831ca771975ba3aea570ad7e
Red Hat Security Advisory 2019-3958-01
Posted Nov 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3958-01 - Ansible Tower version 3.6.1 suffers from accidental disclosure of username and password amongst other security issues.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14890
SHA-256 | 590313b8d7ca209829120ffd740d34a5e8d5724a033a69f9039288bc27d623c6
Red Hat Security Advisory 2019-0651-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0651-01 - Ansible Tower version 3.4.3 has security updates that Red Hat did not feel like explaining in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5407
SHA-256 | f3a989fc6b07f1220ca069b313f166cd30aa34a90781112c73dfa0b9d5f7739d
Red Hat Security Advisory 2019-0652-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0652-01 - Ansible Tower version 3.3.5 has security updates that Red Hat did not feel like explaining in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-3835, CVE-2019-3838
SHA-256 | 2638cb5d98f9dd47e1a7385986d6b92adb44d0f3f85b6e4bc38cb0d57d8dd34c
Red Hat Security Advisory 2018-3505-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456
SHA-256 | 5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49
Red Hat Security Advisory 2018-0374-01
Posted Feb 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0374-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling, integrated notifications and graphical inventory management. And Ansible Tower's REST API and CLI make it easy to embed Ansible Tower into existing tools and processes.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-12191
SHA-256 | 1210bbc52fc442407bee237585896be0d4a024d56cd46dc0961f8e58747f5ac3
Red Hat Security Advisory 2017-3005-01
Posted Oct 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3005-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The following packages have been upgraded to a later upstream version: ansible-tower, cfme, cfme-appliance, cfme-gemset, rabbitmq-server, rh-ruby23-rubygem-nokogiri, supervisor.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2017-11610, CVE-2017-12148
SHA-256 | 5d6f2f797bc66745530e056e45966de331b7f4a4d539e9494b41c8fdfc0f84eb
Hack In The Box GSEC Call For Papers
Posted Apr 9, 2015
Site gsec.hitb.org

The Call for Papers for the inaugural Hack In The Box GSEC conference in Singapore is now open. It will be held October 12th through the 16th, 2015 at the Sheraton Towers in Singapore.

tags | paper, conference
SHA-256 | d42213d26e010433988c1d4f7c96a576003f139e14d12e1074db9f4ae6f3b5e5
The Preferred Roaming List Zero Intercept Attack
Posted Aug 5, 2014
Authored by coderman

Whitepaper discussing how to not get man-in-the-middled at Defcon / Blackhat. Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious "tower(s)" carrying the subscriber voice and data traffic under threat. The use of a specific PRL version Zero (0), aka Preferred Roaming List Zero Intercept Attack, implements the rogue tower associations with least potential interference to legit carrier bands and devices present in broadcast domain of attack.

tags | paper
SHA-256 | 6ad1a29ff7edb0d81dee055061cb3d55b7de08bbf42dac02402dc4abff248b24
44Con 2011 Technical Call For Papers
Posted May 4, 2011
Authored by 44Con | Site 44con.eventbrite.com

The 44Con 2011 call for papers has been announced. 44Con is the UK's largest combined security conference and training event, with the conference taking place on the 1st and 2nd of September, 2011 at a five star hotel near Tower Bridge and the Tower of London.

tags | paper, conference
SHA-256 | 57d9eb3d2e5cdff0169d1e98f96488a579aa689a3b71ba638b49b5cd1f3d5944
HitNote E-Zine 0x03
Posted Jan 5, 2011
Authored by hitnote | Site hitnote.gotdns.org

HitNote E-Zine 0x03 - This issue has topics like Reverse Engineering, Towers of Hanoi, The PIC, and more. Written in Italian.

tags | magazine
SHA-256 | a1ed52ffad1b7e0ffa8257944ada8cb44be0f78cda3743211c523b96428e0ab7
NextApp Echo XML Injection
Posted Mar 10, 2009
Site sec-consult.com

SEC Consult Security Advisory 20090305-0 - NextApp Echo2 versions below 2.1.1 suffer from a XML injection vulnerability.

tags | exploit, xxe
SHA-256 | e364a88c2cc90f61eeb02c0e5b44a6ff6992024991a758fa3a4903a2fe77a6b5
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close