CVE-2019-19340 HIGH

Vendor Red Hat
Product Tower
Weakness CWE-1188
Published December 19, 2019
Last update August 5, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01 Description

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling the RabbitMQ manager with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Key dates

02 Disclosure timeline

December 19, 2019 CVE published
August 5, 2024 Record updated