CVE-2019-3869
7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Tower | 3.3.5 | affected |
| Red Hat | Tower | 3.4.3 | affected |
Weaknesses
- CWE-214: CWE-214
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.