CVE-2019-14890

Published: Nov 26, 2019Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploitability: 2.0 / Impact: 5.8

Source: NVD

Description

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

Affected (1)

Products: Redhat: Ansible Tower

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible Tower	Version 3.6.0

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.