CVE-2018-16879

CRITICAL

Ansible Tower <3.3.3 - DoS, Info Disclosure

Title source: llm

Description

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

References (2)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106310

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879

Scores

CVSS v3 9.8

EPSS 0.0023

EPSS Percentile 45.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (1)

redhat/ansible_tower < 3.3.3

Published Jan 03, 2019

Tracked Since Feb 18, 2026