Ansible Tower 3.3.x < 3.3.6 / 3.4.x < 3.4.4 / 3.5.x < 3.5.1 CRLF Vulnerability
Medium Nessus Plugin ID 127127
Synopsis
An IT monitoring application running on the remote host is affected by an unauthorized access vulnerability.
Description
The version of Ansible Tower running on the remote web server is 3.3.x prior to 3.3.6, 3.4.x prior to 3.4.4, or 3.5.x prior to 3.5.1. It is, therefore, affected by a CRLF injection vulnerability in the urllib2 library of Python 2.x through 2.7.16 and Python 3.x through 3.7.3.
Solution
Upgrade to Ansible Tower version 3.3.6, 3.4.4, 3.5.1 or later.