CVE-2019-14890
HIGHAnsible Tower - Cleartext Storage of Sensitive Information in Database
Title source: llmDescription
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890
Scores
CVSS v3
8.4
EPSS
0.0002
EPSS Percentile
6.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-312
Status
published
Products (1)
redhat/ansible_tower
3.6.0
Published
Nov 26, 2019
Tracked Since
Feb 18, 2026