{"containers": {"cna": {"affected": [{"product": "Tower", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "3.3.5"}, {"status": "affected", "version": "3.4.3"}]}], "descriptions": [{"lang": "en", "value": "When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-214", "description": "CWE-214", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-28T13:04:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ansible/awx/pull/3505"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3869", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tower", "version": {"version_data": [{"version_value": "3.3.5"}, {"version_value": "3.4.3"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges."}]}, "impact": {"cvss": [[{"vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-214"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ansible/awx/pull/3505", "refsource": "MISC", "url": "https://github.com/ansible/awx/pull/3505"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.595Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ansible/awx/pull/3505"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3869", "datePublished": "2019-03-28T13:04:59", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.595Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "93FBC1A2-2F44-4AA1-BC83-E99A5D09ED59", "versionEndExcluding": "3.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EAB487D-18F9-4025-8873-AA4C8E94F2B5", "versionEndExcluding": "3.4.3", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges."}, {"lang": "es", "value": "Al ejecutar Tower, en versiones anteriores a la 3.4.3 en OpenShift o Kubernetes, las credenciales de aplicaci\u00f3n se exponen a ejecuciones \"playbook job\" mediante variables de entorno. Un usuario malicioso capacitado para escribir playbooks podr\u00eda utilizar esto para ganar privilegios de administrador."}], "id": "CVE-2019-3869", "lastModified": "2024-11-21T04:42:45.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-28T14:29:00.307", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/awx/pull/3505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ansible/awx/pull/3505"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-214"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Chris Bertsch (FactSet Research Systems Inc) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:0796", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ansible-tower-0:3.4.3-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-04-23T00:00:00Z"}, {"advisory": "RHSA-2019:0796", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-0:5.10.3.3-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-04-23T00:00:00Z"}, {"advisory": "RHSA-2019:0796", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-amazon-smartstate-0:5.10.3.3-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-04-23T00:00:00Z"}, {"advisory": "RHSA-2019:0796", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-appliance-0:5.10.3.3-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-04-23T00:00:00Z"}, {"advisory": "RHSA-2019:0796", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-gemset-0:5.10.3.3-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-04-23T00:00:00Z"}, {"advisory": "RHBA-2019:0884", "cpe": "cpe:/a:redhat:ansible_tower:3.3::el7", "package": "ansible-tower-33/ansible-tower:3.3.5-3", "product_name": "Red Hat Ansible Tower 3.3 for RHEL 7", "release_date": "2019-04-25T00:00:00Z"}, {"advisory": "RHBA-2019:0885", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower:3.4.3-4", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2019-04-25T00:00:00Z"}, {"advisory": "RHBA-2019:0885", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-18", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2019-04-25T00:00:00Z"}, {"advisory": "RHBA-2019:0885", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-messaging:3.7.4-10", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2019-04-25T00:00:00Z"}], "bugzilla": {"description": "Tower: credentials leaked through environment variables", "id": "1688508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688508"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-214", "details": ["When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.", "When running Tower on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges."], "name": "CVE-2019-3869", "public_date": "2019-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3869\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3869\nhttps://github.com/ansible/awx/pull/3505"], "threat_severity": "Moderate", "upstream_fix": "ansible-tower 3.3.5, ansible-tower 3.4.3"}