CVE-2020-10698: 
Ansible Tower vulnerability analysis and mitigation

A security vulnerability (CVE-2020-10698) was discovered in Ansible Tower that allows attackers to access the stdout (standard output) of executed jobs running from other organizations. The vulnerability affects Ansible Tower versions before 3.6.4, 3.5.6, and 3.4.6. While sensitive data can be disclosed, critical data protected by the nolog flag when debugging is enabled should remain secure (NVD, [Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=1818924)).

The vulnerability stems from improper websocket group subscription validation in Ansible Tower. The flaw has been assigned a CVSS v3.1 Base Score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating local access is required, low attack complexity, and primarily impacts confidentiality (NVD).

The primary impact of this vulnerability is the potential disclosure of sensitive information through the ability to intercept stdout from jobs running in other organizations. However, critical data that is properly protected using the no_log flag during debugging remains secure (NVD).

A temporary mitigation is available by disabling the stdout from jobs through the nginx configuration file. This can be achieved by removing the entire 'location /websocket' block from the nginx configuration and restarting the nginx service. However, this workaround may impact Tower functionality as stdout stream would be hidden. The permanent fix is to upgrade to Ansible Tower versions 3.6.4, 3.5.6, or 3.4.6 or later (Red Hat Bugzilla).