PT-2019-1709 · Red Hat · Ansible Tower

Published: 2019-03-26 · Updated: 2020-05-21 · CVE-2019-3869

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ansible Tower versions prior to 3.4.3

Description: The issue is related to the exposure of application credentials to playbook job runs via environment variables when running Ansible Tower on OpenShift or Kubernetes. This could allow a malicious user with the ability to write playbooks to gain administrative privileges. The vulnerability is also related to weaknesses in managing registration data in the Ansible Tower web interface, which could allow a remote attacker to elevate their privileges.

Recommendations: For Ansible Tower versions prior to 3.4.3, update to version 3.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the playbook writing functionality to minimize the risk of exploitation. Additionally, restrict the use of environment variables in playbook job runs until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

BDU:2019-01321
CVE-2019-3869
RHSA-2019:0796

Affected products

Ansible Tower