When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.
Weakness
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ansible_tower | Redhat | * | 3.3.5 (excluding) |
| Ansible_tower | Redhat | 3.4.0 (including) | 3.4.3 (excluding) |
| CloudForms Management Engine 5.10 | RedHat | ansible-tower-0:3.4.3-1.el7at | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-0:5.10.3.3-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-amazon-smartstate-0:5.10.3.3-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-appliance-0:5.10.3.3-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-gemset-0:5.10.3.3-1.el7cf | * |
| Red Hat Ansible Tower 3.3 for RHEL 7 | RedHat | ansible-tower-33/ansible-tower:3.3.5-3 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-34/ansible-tower:3.4.3-4 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-34/ansible-tower-memcached:1.4.15-18 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-34/ansible-tower-messaging:3.7.4-10 | * |