CVE-2018-16879
Last modified
CVE-2018-16879 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.
Description
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Tower | < 3.3.3 |
References
- http://www.securityfocus.com/bid/106310Broken Link, Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879Issue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/106310Broken Link, Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-16879?
How severe is CVE-2018-16879?
How do I fix CVE-2018-16879?
Are you affected by CVE-2018-16879?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST