Bug 1773622 (CVE-2019-14890)
| Field | Value |
|---|---|
| Summary | CVE-2019-14890 Tower: RHSM username and password exposed after license application |
| Product | [Other] Security Response |
| Reporter | Borja Tarraso <btarraso> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | dmetzger, gblomqui, gmainwar, gmccullo, gtanzill, jfrey, jhardy, jlaska, kdixon, obarenbo, roliveri, security-response-team, simaishi, smallamp |
| Target Milestone | --- |
| Target Release | --- |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | ansible_tower 3.6.1 |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in Ansible Tower where the RHSM credentials are saved in plain text in the database and exposed at '/api/v2/config' after the Ansible Tower license is applied. Attackers with this information could log into RHSM, modify licenses and make other changes. |
| Story Points | --- |
| Last Closed | 2019-11-25 14:59:33 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1775627, 1775628, 1775629 |
| Bug Blocks | 1773623 |
Description
Borja Tarraso
2019-11-18 15:04:21 UTC
Acknowledgments:
Name: Victor da Costa (Red Hat)

Mitigation:
There is no mitigation for this issue, since the issue happens when the Red Hat license is applied.

This issue has been addressed in the following products:
Red Hat Ansible Tower 3.6 for RHEL 7, via RHSA-2019:3958: https://access.redhat.com/errata/RHSA-2019:3958

Statement:
Ansible Tower 3.6.0 is affected, but Ansible Tower 3.5, 3.4, and 3.3 are not vulnerable as they do not include the new RHSM. CloudForms 5.9 and 5.10 are not vulnerable as they do not use Ansible Tower 3.6.0.