How severe is CVE-2018-16879?

CVE-2018-16879 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2018-16879

Name: ansible_tower
Author: redhat

9.8CRITICAL

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data

发布于: 1/3/2019更新于: 11/21/2024

描述

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

AI分析AI驱动

受影响产品

redhatansible_tower

参考资料

http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory
http://www.securityfocus.com/bid/106310
Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879
Issue TrackingVendor Advisory