Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-19341
Vulnerability from cvelistv5
Published
2019-12-19 20:24
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341 | Issue Tracking, Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tower",
"vendor": "RedHat",
"versions": [
{
"status": "affected",
"version": "all ansible_tower versions 3.6.x before 3.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:59",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-19341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tower",
"version": {
"version_data": [
{
"version_value": "all ansible_tower versions 3.6.x before 3.6.2"
}
]
}
}
]
},
"vendor_name": "RedHat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19341",
"datePublished": "2019-12-19T20:24:18",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-05T02:16:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.0\", \"versionEndExcluding\": \"3.6.2\", \"matchCriteriaId\": \"7B63E788-E234-4FE5-9EA6-1256BD358A06\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2, donde los archivos en \\\"/var/backup/tower\\\" pueden ser world-readable. Estos archivos incluyen tanto la SECRET_KEY como la copia de seguridad de la base de datos. Cualquier usuario con acceso al servidor de Tower y sabiendo cu\\u00e1ndo se ejecuta una copia de seguridad, podr\\u00eda recuperar todas las credenciales almacenadas en Tower. El acceso a los datos es la mayor amenaza con esta vulnerabilidad.\"}]",
"id": "CVE-2019-19341",
"lastModified": "2024-11-21T04:34:36.740",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-12-19T21:15:14.057",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19341\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-12-19T21:15:14.057\",\"lastModified\":\"2024-11-21T04:34:36.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en Ansible Tower, versiones 3.6.x anteriores a 3.6.2, donde los archivos en \\\"/var/backup/tower\\\" pueden ser world-readable. Estos archivos incluyen tanto la SECRET_KEY como la copia de seguridad de la base de datos. Cualquier usuario con acceso al servidor de Tower y sabiendo cu\u00e1ndo se ejecuta una copia de seguridad, podr\u00eda recuperar todas las credenciales almacenadas en Tower. El acceso a los datos es la mayor amenaza con esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"7B63E788-E234-4FE5-9EA6-1256BD358A06\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
rhsa-2019_4243
Vulnerability from csaf_redhat
Published
2019-12-16 18:34
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed hang in error handling for source control checkouts
* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
* Fixed an issue where supervisord would not shut down correctly
* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
* Fixed link to instance groups documentation in the user interface
* Fixed retrieval of Red Hat subscription data when running in OpenShift
* Fixed editing of inventory on Workflow templates
* Fixed multiple issues with OAuth2 token cleanup system jobs
* Fixed custom email notifications for workflow approve and deny
* Updated SAML implementation to automatically log if authorization exists
* Updated AngularJS to 1.7.9 for CVE-2019-10768
* Updated installer to not install PostgreSQL server on all nodes
* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database\n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed hang in error handling for source control checkouts\n* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout\n* Fixed an issue where supervisord would not shut down correctly\n* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout\n* Fixed link to instance groups documentation in the user interface\n* Fixed retrieval of Red Hat subscription data when running in OpenShift\n* Fixed editing of inventory on Workflow templates\n* Fixed multiple issues with OAuth2 token cleanup system jobs\n* Fixed custom email notifications for workflow approve and deny\n* Updated SAML implementation to automatically log if authorization exists\n* Updated AngularJS to 1.7.9 for CVE-2019-10768\n* Updated installer to not install PostgreSQL server on all nodes\n* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4243",
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4243.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:46+00:00",
"generator": {
"date": "2024-11-22T14:19:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4243",
"initial_release_date": "2019-12-16T18:34:43+00:00",
"revision_history": [
{
"date": "2019-12-16T18:34:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:34:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
rhsa-2019:4242
Vulnerability from csaf_redhat
Published
2019-12-16 18:32
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed a file descriptor leak in the Tower service during project updates
* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored
* Fixed an issue where some timezones in schedules could not be parsed
* Fixed isolated execution of playbooks with blanks in the filename
* Fixed saving of workflow extra_vars
* Updated Ansible Tower to disallow Jinja in inventory hostnames
* Updated analytics data collection to match Ansible Tower 3.6
* Updated bundled oVirt SDK to version 4.3.0
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database \n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed a file descriptor leak in the Tower service during project updates\n* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored\n* Fixed an issue where some timezones in schedules could not be parsed\n* Fixed isolated execution of playbooks with blanks in the filename\n* Fixed saving of workflow extra_vars\n* Updated Ansible Tower to disallow Jinja in inventory hostnames\n* Updated analytics data collection to match Ansible Tower 3.6\n* Updated bundled oVirt SDK to version 4.3.0",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4242",
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4242.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:39+00:00",
"generator": {
"date": "2024-11-22T14:19:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4242",
"initial_release_date": "2019-12-16T18:32:36+00:00",
"revision_history": [
{
"date": "2019-12-16T18:32:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:32:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_id": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower\u0026tag=3.5.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
RHSA-2019:4242
Vulnerability from csaf_redhat
Published
2019-12-16 18:32
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed a file descriptor leak in the Tower service during project updates
* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored
* Fixed an issue where some timezones in schedules could not be parsed
* Fixed isolated execution of playbooks with blanks in the filename
* Fixed saving of workflow extra_vars
* Updated Ansible Tower to disallow Jinja in inventory hostnames
* Updated analytics data collection to match Ansible Tower 3.6
* Updated bundled oVirt SDK to version 4.3.0
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database \n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed a file descriptor leak in the Tower service during project updates\n* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored\n* Fixed an issue where some timezones in schedules could not be parsed\n* Fixed isolated execution of playbooks with blanks in the filename\n* Fixed saving of workflow extra_vars\n* Updated Ansible Tower to disallow Jinja in inventory hostnames\n* Updated analytics data collection to match Ansible Tower 3.6\n* Updated bundled oVirt SDK to version 4.3.0",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4242",
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4242.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:39+00:00",
"generator": {
"date": "2024-11-22T14:19:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4242",
"initial_release_date": "2019-12-16T18:32:36+00:00",
"revision_history": [
{
"date": "2019-12-16T18:32:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:32:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_id": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower\u0026tag=3.5.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
RHSA-2019:4243
Vulnerability from csaf_redhat
Published
2019-12-16 18:34
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed hang in error handling for source control checkouts
* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
* Fixed an issue where supervisord would not shut down correctly
* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
* Fixed link to instance groups documentation in the user interface
* Fixed retrieval of Red Hat subscription data when running in OpenShift
* Fixed editing of inventory on Workflow templates
* Fixed multiple issues with OAuth2 token cleanup system jobs
* Fixed custom email notifications for workflow approve and deny
* Updated SAML implementation to automatically log if authorization exists
* Updated AngularJS to 1.7.9 for CVE-2019-10768
* Updated installer to not install PostgreSQL server on all nodes
* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database\n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed hang in error handling for source control checkouts\n* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout\n* Fixed an issue where supervisord would not shut down correctly\n* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout\n* Fixed link to instance groups documentation in the user interface\n* Fixed retrieval of Red Hat subscription data when running in OpenShift\n* Fixed editing of inventory on Workflow templates\n* Fixed multiple issues with OAuth2 token cleanup system jobs\n* Fixed custom email notifications for workflow approve and deny\n* Updated SAML implementation to automatically log if authorization exists\n* Updated AngularJS to 1.7.9 for CVE-2019-10768\n* Updated installer to not install PostgreSQL server on all nodes\n* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4243",
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4243.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:46+00:00",
"generator": {
"date": "2024-11-22T14:19:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4243",
"initial_release_date": "2019-12-16T18:34:43+00:00",
"revision_history": [
{
"date": "2019-12-16T18:34:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:34:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
rhsa-2019:4243
Vulnerability from csaf_redhat
Published
2019-12-16 18:34
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed hang in error handling for source control checkouts
* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
* Fixed an issue where supervisord would not shut down correctly
* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout
* Fixed link to instance groups documentation in the user interface
* Fixed retrieval of Red Hat subscription data when running in OpenShift
* Fixed editing of inventory on Workflow templates
* Fixed multiple issues with OAuth2 token cleanup system jobs
* Fixed custom email notifications for workflow approve and deny
* Updated SAML implementation to automatically log if authorization exists
* Updated AngularJS to 1.7.9 for CVE-2019-10768
* Updated installer to not install PostgreSQL server on all nodes
* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database\n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed hang in error handling for source control checkouts\n* Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout\n* Fixed an issue where supervisord would not shut down correctly\n* Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout\n* Fixed link to instance groups documentation in the user interface\n* Fixed retrieval of Red Hat subscription data when running in OpenShift\n* Fixed editing of inventory on Workflow templates\n* Fixed multiple issues with OAuth2 token cleanup system jobs\n* Fixed custom email notifications for workflow approve and deny\n* Updated SAML implementation to automatically log if authorization exists\n* Updated AngularJS to 1.7.9 for CVE-2019-10768\n* Updated installer to not install PostgreSQL server on all nodes\n* Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4243",
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4243.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:46+00:00",
"generator": {
"date": "2024-11-22T14:19:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4243",
"initial_release_date": "2019-12-16T18:34:43+00:00",
"revision_history": [
{
"date": "2019-12-16T18:34:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:34:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product": {
"name": "Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_id": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-36/ansible-tower\u0026tag=3.6.2-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64 as a component of Red Hat Ansible Tower 3.6 for RHEL 7",
"product_id": "7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
},
"product_reference": "ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:34:43+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4243"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.6:ansible-tower-36/ansible-tower@sha256:dcaf6e0914afb8cecf1962fbc1d6afa5a132f85ea20f56e18102310ad11515b5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
rhsa-2019_4242
Vulnerability from csaf_redhat
Published
2019-12-16 18:32
Modified
2024-11-22 14:19
Summary
Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Notes
Topic
Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
Details
* Added a command to generate a new SECRET_KEY and rekey the database
* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
* Fixed a file descriptor leak in the Tower service during project updates
* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored
* Fixed an issue where some timezones in schedules could not be parsed
* Fixed isolated execution of playbooks with blanks in the filename
* Fixed saving of workflow extra_vars
* Updated Ansible Tower to disallow Jinja in inventory hostnames
* Updated analytics data collection to match Ansible Tower 3.6
* Updated bundled oVirt SDK to version 4.3.0
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"title": "Topic"
},
{
"category": "general",
"text": "* Added a command to generate a new SECRET_KEY and rekey the database \n* Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)\n* Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)\n* Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)\n* Fixed a file descriptor leak in the Tower service during project updates\n* Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored\n* Fixed an issue where some timezones in schedules could not be parsed\n* Fixed isolated execution of playbooks with blanks in the filename\n* Fixed saving of workflow extra_vars\n* Updated Ansible Tower to disallow Jinja in inventory hostnames\n* Updated analytics data collection to match Ansible Tower 3.6\n* Updated bundled oVirt SDK to version 4.3.0",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4242",
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4242.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container",
"tracking": {
"current_release_date": "2024-11-22T14:19:39+00:00",
"generator": {
"date": "2024-11-22T14:19:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:4242",
"initial_release_date": "2019-12-16T18:32:36+00:00",
"revision_history": [
{
"date": "2019-12-16T18:32:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-16T18:32:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:19:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_tower:3.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Tower"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_id": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979?arch=amd64\u0026repository_url=registry.redhat.io/ansible-tower-35/ansible-tower\u0026tag=3.5.4-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64 as a component of Red Hat Ansible Tower 3.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
},
"product_reference": "ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64",
"relates_to_product_reference": "7Server-Ansible-Tower-3.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryan Petrello"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19340",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2019-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19340"
},
{
"category": "external",
"summary": "RHBZ#1782624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command \"rabbitmqctl delete_user guest\".",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly"
},
{
"acknowledgments": [
{
"names": [
"Graham Mainwaring"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-19341",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: intermediate files during Tower backup are world-readable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.7 (5.10) release is not affected, because we do not run Ansible Tower backups from CloudForms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19341"
},
{
"category": "external",
"summary": "RHBZ#1782625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19341",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: intermediate files during Tower backup are world-readable"
},
{
"cve": "CVE-2019-19342",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2019-11-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1782623"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the \u0027#\u0027 character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tower: special characters in RabbitMQ passwords causes web socket 500 error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19342"
},
{
"category": "external",
"summary": "RHBZ#1782623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19342",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19342"
}
],
"release_date": "2019-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-16T18:32:36+00:00",
"details": "For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4242"
},
{
"category": "workaround",
"details": "This issue could be mitigated by setting or changing the RabbitMQ passwords without using the specials characters. Complex passwords could still remain or even increase by using unpredictable longer strings. This adds much more entropy rather than just using special characters in shorter strings.",
"product_ids": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-Ansible-Tower-3.5:ansible-tower-35/ansible-tower@sha256:c3e1c9ab4902ee20862cd4947b981600bbb36ac36759700a02b121cf5cc35979_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tower: special characters in RabbitMQ passwords causes web socket 500 error"
}
]
}
gsd-2019-19341
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19341",
"description": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"id": "GSD-2019-19341",
"references": [
"https://access.redhat.com/errata/RHSA-2019:4243",
"https://access.redhat.com/errata/RHSA-2019:4242"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19341"
],
"details": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"id": "GSD-2019-19341",
"modified": "2023-12-13T01:23:53.746262Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-19341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tower",
"version": {
"version_data": [
{
"version_value": "all ansible_tower versions 3.6.x before 3.6.2"
}
]
}
}
]
},
"vendor_name": "RedHat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-19341"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-01-31T20:11Z",
"publishedDate": "2019-12-19T21:15Z"
}
}
}
ghsa-jx7q-9m4v-jj44
Vulnerability from github
Published
2022-05-24 17:04
Modified
2023-01-31 21:30
Severity ?
Details
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2019-19341"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-19T21:15:00Z",
"severity": "LOW"
},
"details": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in \u0027/var/backup/tower\u0027 are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.",
"id": "GHSA-jx7q-9m4v-jj44",
"modified": "2023-01-31T21:30:20Z",
"published": "2022-05-24T17:04:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19341"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.