CVE-2017-7528 (ansible_tower, cloudforms_management_engine)
-
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7528
© Lightnetics 2024