Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2019-19340
HistoryDec 14, 2019 - 12:54 a.m.

CVE-2019-19340

2019-12-1400:54:33
redhat.com
access.redhat.com
14

0.002 Low

EPSS

Percentile

57.5%

JSON

A flaw was found in Ansible Tower 3.6.1 and 3.5.3 where enabling RabbitMQ manager by setting it with ‘-e rabbitmq_enable_manager=true’ exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Mitigation

The issue could be mitigated by limiting the access of the interface to internal trusted networks, limiting the ports open and set the firewall with more restrictive rules. Some of these instructions are already suggested in the Ansible Tower documentation as part of the Ansible Tower Administration Guide. Issue could be also mitigated by deleting the guest default user by running the command "rabbitmqctl delete_user guest".

Related

cvelist 1
nvd 1
cve 1
prion 1
symantec 1
redhat 2
nessus 1
cvelist
cvelist
CVE-2019-19340
2019-12-19 20:16:46
nvd
nvd
CVE-2019-19340
2019-12-19 21:15:13
cve
cve
CVE-2019-19340
2019-12-19 21:15:13
prion
prion
Design/Logic Flaw
2019-12-19 21:15:00
symantec
symantec
Ansible Tower Multiple Security Vulnerabilities
2019-12-14 00:00:00
redhat
redhat
(RHSA-2019:4242) Important: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container
2019-12-16 23:21:27
(RHSA-2019:4243) Important: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container
2019-12-16 18:21:29
nessus
nessus
Ansible Tower 3.5.x < 3.5.4 / 3.6.x < 3.6.2 Multiple Vulnerabilities
2019-12-20 00:00:00

0.002 Low

EPSS

Percentile

57.5%

JSON
Related for RH:CVE-2019-19340
cvelist1nvd1cve1prion1symantec1redhat2nessus1