VYPR

Tower

by Red Hat

CVEs (2)

  • CVE-2020-14337MedJul 31, 2020
    risk 0.38cvss 5.8epss 0.01

    A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this…

  • CVE-2019-3869HigMar 28, 2019
    risk 0.00cvss 7.2epss 0.01

    When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.