First published: Tue Nov 26 2019(Updated: )
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Ansible Tower | =3.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14890 is a vulnerability found in Ansible Tower before 3.6.1 that allows an attacker with low privileges to retrieve usernames and passwords stored in plain text.
CVE-2019-14890 has a severity score of 8.4 (high).
To fix CVE-2019-14890, upgrade to Ansible Tower version 3.6.1 or later.
Ansible Tower version 3.6.0 is affected by CVE-2019-14890.
The CWE ID for CVE-2019-14890 is CWE-312.