CVE-2019-14890
Tower: RHSM username and password exposed after license application
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
Se encontró una vulnerabilidad en Ansible Tower anterior de la versión 3.6.1, donde un atacante con pocos privilegios podía recuperar nombres de usuario y credenciales de contraseñas del nuevo RHSM guardado en texto plano en la base de datos en '/ api / v2 / config' al aplicar la licencia de Ansible Tower.
A flaw was found in Ansible Tower where the RHSM credentials are saved in plain text in the database that is available at '/api/v2/config' after applying the Ansible Tower license. Attackers with this information could log into RHSM and modify licenses and make other changes.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-11-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-14890 | 2019-11-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1773622 | 2019-11-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | 3.6.0 Search vendor "Redhat" for product "Ansible Tower" and version "3.6.0" | - |
Affected
|