CVE-2018-16879 is a vulnerability in Red Hat Ansible Tower
Published on January 3, 2019
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
Weakness Type
Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
Products Associated with CVE-2018-16879
Want to know whenever a new CVE is published for Red Hat Ansible Tower? stack.watch will email you.
Affected Versions
[UNKNOWN] Tower Version 3.3.3 is affected by CVE-2018-16879Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.