CVE-2019-19340
8.2HIGHA flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ managem
Опубликовано: 12/19/2019Обновлено: 11/21/2024
Описание
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
ИИ-АнализНа базе ИИ
Затронутые продукты
redhatansible_tower
redhatansible_tower
redhatenterprise_linux
7.0
Ссылки
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340Issue TrackingVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340Issue TrackingVendor Advisory