CVE-2019-19340

HIGH

Ansible Tower 3.6.x < 3.6.2 and 3.5.x < 3.5.3 - Privilege Escalation

Title source: llm

Description

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Scores

CVSS v3 8.2
EPSS 0.0041
EPSS Percentile 61.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Details

CWE CWE-1188
Status published
Products (2)
redhat/ansible_tower 3.5.0 - 3.5.3
redhat/enterprise_linux 7.0
Published Dec 19, 2019
Tracked Since Feb 18, 2026