CVE-2019-19340 vulnerability in Red Hat Products
Published on December 19, 2019
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2019-19340
Red Hat Ansible Tower, Red Hat Enterprise Linux (RHEL)
Affected Versions
Red Hat Tower:
- ansible_tower versions 3.6.x before 3.6.2 are affected.
- ansible_tower versions 3.5.x before 3.5.4 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.