Ansible Tower 3.1.x < 3.1.8 / 3.2.x < 3.2.6 CSRF vulnerability
Medium Nessus Plugin ID 112212
SynopsisAn IT monitoring application running on the remote host is affected by a CSRF vulnerability.
DescriptionThe version of Ansible Tower running on the remote web server is 3.1.x prior to 3.1.8 or 3.2.x prior to 3.2.6. It is, therefore, affected by a cross-site request forgery vulnerability in awx/api/authentication.py.
SolutionUpgrade to Ansible Tower version 3.1.8/ 3.2.6 or later.