The /var/lib/awx/rsyslog/rsyslog.conf has world readable permissions which could store some secrets such as the Splunk token. Rsyslog configuration file permissions must be set to 640 instead of 644.
* Ansible Tower 3.7.0 is affected.
Setting manual permissions for the rsyslog.conf file to 0640 would mitigate the issue temporarily. However, be aware that every time the Tower services are restarted, the permissions are restored to 644 after some time.
This issue has been addressed in the following products:
Red Hat Ansible Tower 3.7 for RHEL 7
Via RHSA-2020:2617 https://access.redhat.com/errata/RHSA-2020:2617
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):