CVE-2018-16879

Published: Jan 3, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

Affected (1)

Products: Redhat: Ansible Tower

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible Tower	Before 3.3.3

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

http://www.securityfocus.com/bid/106310

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/106310

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.