Lucene search

K
prionPRIOn knowledge basePRION:CVE-2019-19341
HistoryDec 19, 2019 - 9:15 p.m.

Design/Logic Flaw

2019-12-1921:15:00
PRIOn knowledge base
www.prio-n.com
5

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in ‘/var/backup/tower’ are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.

CPENameOperatorVersion
ansible_towerge3.6.0
ansible_towerlt3.6.2

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%