CVE-2019-14890
First published: Tue Nov 26 2019(Updated: )
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ansible Tower | =3.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14890?
CVE-2019-14890 is a vulnerability found in Ansible Tower before 3.6.1 that allows an attacker with low privileges to retrieve usernames and passwords stored in plain text.
How severe is CVE-2019-14890?
CVE-2019-14890 has a severity score of 8.4 (high).
How can I fix CVE-2019-14890?
To fix CVE-2019-14890, upgrade to Ansible Tower version 3.6.1 or later.
What software versions are affected by CVE-2019-14890?
Ansible Tower version 3.6.0 is affected by CVE-2019-14890.
What is the Common Weakness Enumeration (CWE) ID for CVE-2019-14890?
The CWE ID for CVE-2019-14890 is CWE-312.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/redhat
- canonical/redhat ansible tower
- version/redhat ansible tower/3.6.0