CVE-2019-14890

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

Published: Nov 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-14890
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.4
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
redhat / ansible_tower	3.6.0	3.6.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890

Vulnerability Database

289,689

CVE-2019-14890