When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HRed Hat Ansible Tower
APPRedhat< 3.3.53.4.0 – 3.4.3 (bez)
Related vulnerabilities
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configura...
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and...
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of serv...
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact vi...
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This f...