How severe is CVE-2018-16879?

CVE-2018-16879 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2018-16879

Name: ansible_tower
Author: redhat

9.8CRITICAL

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data

公開日: 1/3/2019更新日: 11/21/2024

説明

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

AI分析AIによる分析

影響を受ける製品

redhatansible_tower

参照

http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory
http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory