2 matches found
CVE-2019-19341
Ansible Tower 3.6.x before 3.6.2 stores backups in /var/backup/tower with world-readable permissions, exposing the SECRET_KEY and database backup. An authenticated user with access to the Tower server and knowledge of backup timing could retrieve credentials stored in Tower. Remediation: upgrade ...
Important: Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container Added a command to generate a new SECRETKEY and rekey the database Removed the guest user from the optionally-configured RabbitMQ admin interface CVE-2019-19340 Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook...