CVE-2018-16879
Summary
| CVE | CVE-2018-16879 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-03 14:29:00 UTC |
| Updated | 2023-02-03 02:12:00 UTC |
| Description | Ansible Tower before version 3.3.3 does not set a secure channel, as it uses the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a data leak of sensitive information such as passwords, as well as denial of service attacks by deleting projects or inventory files. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ansible Tower | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ansible Tower CVE-2018-16879 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| 1658394 – (CVE-2018-16879) CVE-2018-16879 Tower: security channel is not set properly for AMPQ connection | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.