CVE-2019-19341

N/A

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability.

N/A

关键资源的不正确权限授予

Ansible Tower 安全漏洞

Ansible是美国Ansible公司的一款计算机系统配置管理器。该产品可用于发布、管理和编排计算机系统。Ansible Tower是其中的一个提供了用户界面（UI）、仪表板和REST API的任务控制应用程序。 Ansible Tower中存在安全漏洞，该漏洞源于/var/backup/tower中的文件为全局可读。攻击者可利用该漏洞检索存储在Tower中的凭证。

N/A

N/A