What is CVE-2019-14890?

CVE-2019-14890 is a high-severity vulnerability in [Unknown] Tower, classified under Cleartext Storage of Sensitive Information. CVSS score: 8.4/10. Published 2019-11-26.

How severe is CVE-2019-14890?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in [Unknown] Tower

CVE-2019-14890

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the A…

EPSS: 0.002 (14.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N.

Affected products

[Unknown] Tower — versions 3.6.1
Redhat Ansible_tower — versions 3.6.0

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2019-14890?: CVE-2019-14890 is a high-severity vulnerability in [Unknown] Tower, classified under Cleartext Storage of Sensitive Information. CVSS score: 8.4/10. Published 2019-11-26.
How severe is CVE-2019-14890?: High severity. CVSS v3 base score is 8.4 out of 10.