CVE-2019-3869
published 2019-03-28CVE-2019-3869: When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | tower | — | — |
| red_hat | tower | — | — |
| redhat | ansible_tower | < 3.3.5 | 3.3.5 |
| redhat | ansible_tower | >= 3.4.0 < 3.4.3 | 3.4.3 |