PT-2021-28360 · Red Hat · Ansible Tower+2
Published: 2021-06-09 · Updated: 2021-06-09
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
Ansible Tower version 3.7
Ansible Automation Platform version 1.2
Description:
A flaw in Ansible discloses secret information in async files when the jobdir is changed to a world-readable directory. This allows a malicious user to read any secret information in an async status file.
Recommendations:
For Ansible Tower version 3.7, restrict access to the jobdir to prevent it from being changed to a world-readable directory.
For Ansible Automation Platform version 1.2, limit access to async status files to minimize the risk of secret information disclosure.
As a temporary workaround, consider setting proper permissions on the jobdir to prevent unauthorized access until a fix is available.
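The permission check behind that workaround can be scripted. The following is an added example, not code from the advisory or from Red Hat: it audits an async jobdir for a directory or status files that users other than the owner can read, and can tighten them to owner-only. It assumes the jobdir is Ansible's default `async_dir` (`~/.ansible_async`) unless another path is given; the function names `audit_jobdir` and `harden_jobdir` are hypothetical.

```python
import os
import stat
import sys

# Assumption: the jobdir is Ansible's default async_dir; pass another path as argv[1].
DEFAULT_JOBDIR = os.path.expanduser("~/.ansible_async")

# Permission bits that let anyone other than the owner read files or enter the directory.
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH
OTHERS_LIST = OTHERS_READ | stat.S_IXGRP | stat.S_IXOTH


def audit_jobdir(jobdir):
    """Return [(path, mode_string, reason)] for entries that expose async status data."""
    findings = []
    try:
        st = os.lstat(jobdir)
    except FileNotFoundError:
        return findings  # no async jobs have run under this path
    if stat.S_ISLNK(st.st_mode):
        return [(jobdir, stat.filemode(st.st_mode), "jobdir is a symlink")]
    if st.st_mode & OTHERS_LIST:
        findings.append((jobdir, stat.filemode(st.st_mode), "jobdir open to group/other"))
    for root, _dirs, files in os.walk(jobdir):  # does not follow symlinked directories
        for name in files:
            path = os.path.join(root, name)
            fst = os.lstat(path)
            if stat.S_ISREG(fst.st_mode) and fst.st_mode & OTHERS_READ:
                findings.append((path, stat.filemode(fst.st_mode), "status file readable by group/other"))
    return findings


def harden_jobdir(jobdir):
    """Temporary workaround: owner-only access on the jobdir and everything in it."""
    os.chmod(jobdir, 0o700)
    for root, dirs, files in os.walk(jobdir):
        for name in dirs + files:
            path = os.path.join(root, name)
            if not os.path.islink(path):  # never chmod through a symlink
                os.chmod(path, 0o700 if os.path.isdir(path) else 0o600)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_JOBDIR
    results = audit_jobdir(target)
    for path, mode, reason in results:
        print(f"{mode} {path}: {reason}")
    sys.exit(1 if results else 0)
```

Run as the account that executes async tasks; a non-zero exit status means at least one exposed entry was found.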
Affected Products
Ansible
Ansible Automation Platform
Ansible Tower