Ansible Tower Security Vulnerabilities and Issues — Ansible Tower CVE List

Lucene search

RedhatAnsible Tower

3 matches found

CVE•added 2019/12/19 9:15 p.m.•173 views

CVE-2019-19340

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could g...

8.2CVSS8.1AI score0.00509EPSS

CVE•added 2019/12/19 9:15 p.m.•156 views

CVE-2019-19342

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wil...

5.3CVSS5.5AI score0.00338EPSS

CVE•added 2019/12/19 9:15 p.m.•149 views

CVE-2019-19341

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credenti...

5.9CVSS5.5AI score0.00103EPSS