HIGH🇵🇱 Wersja polska

CVE-2019-3869

CVSS 7.2v3.1pub. 2019-03-28upd. 2024-11-21

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Red Hat Ansible Tower

    APP
    Redhat
    < 3.3.53.4.0 – 3.4.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2018-16879CRITICAL9.8ten sam produkt

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configura...

CVE-2018-17456CRITICAL9.8ten sam produkt

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and...

CVE-2015-9262CRITICAL9.8ten sam produkt

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of serv...

CVE-2018-12910CRITICAL9.8ten sam produkt

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact vi...

CVE-2021-4112HIGH8.8ten sam produkt

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This f...