Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-01-03T14:00:00

Updated: 2024-08-05T10:32:54.171Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16879

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-01-03T14:29:00.197

Modified: 2023-02-03T02:12:09.037

Link: CVE-2018-16879

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-12-20T00:00:00Z

Links: CVE-2018-16879 - Bugzilla