CVE-2019-19340
8.2HIGHA flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ managem
게시됨: 12/19/2019업데이트됨: 11/21/2024
설명
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
AI 분석AI 기반
영향받는 제품
redhatansible_tower
redhatansible_tower
redhatenterprise_linux
7.0
참조
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340Issue TrackingVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340Issue TrackingVendor Advisory