CVE-2019-3869
Published
CVSS v3
7.2
HIGH
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
GitHub