How severe is CVE-2018-16879?

CVE-2018-16879 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2018-16879

Name: ansible_tower
Author: redhat

9.8CRITICAL

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data

Publicado: 1/3/2019Atualizado: 11/21/2024

Descrição

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

Análise IADesenvolvido por IA

Produtos Afetados

redhatansible_tower

Referências

http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory
http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory