CVE-2019-19340 Information

Description

A flaw was found in Ansible Tower versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3 where enabling RabbitMQ manager by setting it with ‘-e rabbitmq_enable_manager=true’ exposes the RabbitMQ management interface publicly as expected. If the default admin user is still active an attacker could guess the password and gain access to the system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

Base Score

8.2

Base Severity

HIGH
