Jenkins Ansible Tower

Do you want an email whenever new security vulnerabilities are reported in Jenkins Ansible Tower?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Ansible Tower . Ansible Tower did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	3	7.30
2018	0	0.00

It may take a day or so for new Ansible Tower vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Ansible Tower Security Vulnerabilities

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method

CVE-2019-10310 8.8 - High - April 30, 2019

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins

Session Riding

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method

CVE-2019-10311 8.8 - High - April 30, 2019

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

AuthZ

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method

CVE-2019-10312 4.3 - Medium - April 30, 2019

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Ansible Tower or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Ansible Tower
Product

Jenkins Ansible Tower

By the Year

Recent Jenkins Ansible Tower Security Vulnerabilities

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method CVE-2019-10310 8.8 - High - April 30, 2019

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method CVE-2019-10311 8.8 - High - April 30, 2019

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method CVE-2019-10312 4.3 - Medium - April 30, 2019