How severe is CVE-2019-19340?

CVE-2019-19340 has a CVSS v3 score of 8.2 (HIGH).

CVE-2019-19340

Name: enterprise_linux
Author: redhat

8.2HIGH

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ managem

Veröffentlicht: 12/19/2019Aktualisiert: 11/21/2024

Beschreibung

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

KI-AnalyseKI-gestützt

Betroffene Produkte

redhatansible_tower

redhatenterprise_linux

7.0

Referenzen

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340
Issue TrackingVendor Advisory