Lucene search

[email protected]CVE-2019-14890

HistoryNov 26, 2019 - 7:15 a.m.

CVE-2019-14890

2019-11-2607:15:11

CWE-312

[email protected]

web.nvd.nist.gov

cve-2019-14890

ansible tower

vulnerability

low privilege

credentials

plaintext

security issue

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at ‘/api/v2/config’ when applying the Ansible Tower license.

Affected configurations

Vulners

NVD

Node

redhatansible_towerRange≤3.6.1

CPENameOperatorVersion
redhat:ansible_towerredhat ansible towereq3.6.0

CPE	Name	Operator	Version
redhat:ansible_tower	redhat ansible tower	eq	3.6.0

CNA Affected

[
  {
    "product": "Tower",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "3.6.1"
      }
    ]
  }
]