Description
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
Exploits (1)
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534464/100/0/threaded
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/52
Exploit x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35786
Scores
EPSS
0.1740
EPSS Percentile
95.1%
Details
CWE
CWE-200
Status
published
Products (1)
ansible/tower
< 2.0.4
Published
Feb 04, 2015
Tracked Since
Feb 18, 2026