CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-16879

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile12.72th
Published2019年1月3日
Last Modified2024年11月21日

Vulnerability Description

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

Affected Platforms (CPE)

📦
Redhat

Ansible Tower

< 3.3.3

References & Advisories

🔗 http://www.securityfocus.com/bid/106310
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
🔗 http://www.securityfocus.com/bid/106310
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879

相关漏洞威胁

CVE-2019-103108.8

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstall...

CVE-2018-108848.8

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An ...

CVE-2018-11048.8

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template ...

CVE-2019-103118.8

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#...

CVE-2018-16879 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space