CVE-2015-1482

Published: Feb 4, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.

Affected (1)

Products: Ansible: Tower

Ansible

1 product

Tower

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ansible Tower	Up to 2.0.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2015/Jan/52

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/35786

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/534464/100/0/threaded

Source: cve@mitre.org

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html