CVE-2019-19341
published 2019-12-19CVE-2019-19341: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | ansible_tower | >= 3.6.0 < 3.6.2 | 3.6.2 |
| redhat | tower | — | — |