CVE-2019-19340

Summary

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Affected Software

VendorProductVersion RangeStatus
Red HatToweransible_tower versions 3.6.x before 3.6.2affected
Red HatToweransible_tower versions 3.5.x before 3.5.4affected

Weaknesses

  • CWE-1188: CWE-1188

ADP Enrichment

CVE Program Container

Additional References

References