VYPR

Maven package

org.jenkins-ci.plugins/ansible-tower

pkg:maven/org.jenkins-ci.plugins/ansible-tower

Vulnerabilities (3)

  • CVE-2019-10312MedApr 30, 2019
    affected < 0.9.2fixed 0.9.2

    A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

  • CVE-2019-10311HigApr 30, 2019
    affected < 0.9.2fixed 0.9.2

    A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe

  • CVE-2019-10310HigApr 30, 2019
    affected < 0.9.2fixed 0.9.2

    A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-speci