Ansible Tower Plugin

Source repositories

https://github.com/jenkinsci/ansible-plugin

CVEs (6)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2023-32983	Jenkins Project Ansible Tower Plugin	—	May 16, 2023	Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-32982	Jenkins Project Ansible Tower Plugin	—	May 16, 2023	Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2020-2310	Jenkins Project Ansible Tower Plugin	—	Nov 4, 2020	Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-10310	Jenkins Project Ansible Tower Plugin	—	Apr 30, 2019	A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using…
CVE-2019-10312	Jenkins Project Ansible Tower Plugin	—	Apr 30, 2019	A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10311	Jenkins Project Ansible Tower Plugin	—	Apr 30, 2019	A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using…

CVE-2023-32983May 16, 2023
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-32982May 16, 2023
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2020-2310Nov 4, 2020
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-10310Apr 30, 2019
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using…
CVE-2019-10312Apr 30, 2019
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10311Apr 30, 2019
Jenkins Project
Ansible Tower Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using…