CVE-2015-1482

Опубликовано: 04 фев. 2015

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.

Ссылки

http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/52
Exploit
http://www.exploit-db.com/exploits/35786
Exploit
http://www.securityfocus.com/archive/1/534464/100/0/threaded
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt
Exploit
http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/52
Exploit
http://www.exploit-db.com/exploits/35786
Exploit
http://www.securityfocus.com/archive/1/534464/100/0/threaded
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ansible:tower:*:*:*:*:*:*:*:*

Версия до 2.0.4 (включая)

EPSS

Процентиль: 95%

0.17397

Средний

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-qwm2-p4xm-jjjq

github

больше 3 лет назад