When running Tower on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Acknowledgments: Name: Chris Bertsch (FactSet Research Systems Inc)
External References: https://github.com/ansible/awx/pull/3505