What is the vulnerability ID of this flaw?

The vulnerability ID of this flaw is CVE-2020-14327.

What is the severity level of CVE-2020-14327?

The severity level of CVE-2020-14327 is medium.

What is the affected software?

The affected software is Redhat Ansible Tower before version 3.6.5 and before version 3.7.2.

What is the description of this vulnerability?

CVE-2020-14327 is a Server-side request forgery (SSRF) flaw in Ansible Tower that allows an attacker to abuse functionality on the Tower server to connect to internal services or expose additional information.

How can I fix CVE-2020-14327?

To fix CVE-2020-14327, update Ansible Tower to version 3.6.5 or version 3.7.2.

Vulnerability/
CVE-2020-14327

medium

5.5

CWE

918

14/7/2020

27/5/2021

7/6/2021

CVE-2020-14327: SSRF

First published: Tue Jul 14 2020(Updated: )

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test feature of lookup credentials to forge HTTP/HTTPS requests from the server and retrieving the results of the response.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Ansible Tower	<3.6.5
Redhat Ansible Tower	>=3.7.0<3.7.2
redhat/ansible_tower	<3.6.5	3.6.5
redhat/ansible_tower	<3.7.2	3.7.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this flaw?
The vulnerability ID of this flaw is CVE-2020-14327.
What is the severity level of CVE-2020-14327?
The severity level of CVE-2020-14327 is medium.
What is the affected software?
The affected software is Redhat Ansible Tower before version 3.6.5 and before version 3.7.2.
What is the description of this vulnerability?
CVE-2020-14327 is a Server-side request forgery (SSRF) flaw in Ansible Tower that allows an attacker to abuse functionality on the Tower server to connect to internal services or expose additional information.
How can I fix CVE-2020-14327?
To fix CVE-2020-14327, update Ansible Tower to version 3.6.5 or version 3.7.2.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-14327
agent/software-canonical-lookup
vendor/redhat
canonical/redhat ansible tower
version/redhat ansible tower/3.7.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.