CVE-2020-10709

HIGH Year: 2020
CVSS v3 Score
7.1
High
CVSS v2 Score
3.6
Low
Weakness Type
CWE-287
View all →

Vulnerability Description

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6.

Related Vulnerabilities

CVE-2017-12778

HIGH
CVSS:7.1(High)

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value ...

CWE-2872017

CVE-2018-1738

HIGH
CVSS:7.1(High)

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM ...

CWE-2872018

CVE-2018-4064

HIGH
CVSS:7.1(High)

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unveri...

CWE-2872018

CVE-2021-20593

HIGH
CVSS:7.1(High)

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3....

CWE-2872021

CVE-2021-36949

HIGH
CVSS:7.1(High)

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

CWE-2872021