CVE-2019-19340 Vulnerability Details


CVE-2019-19340 Metadata Quick Info

CVE Published: 19/12/2019 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: redhat | Vendor: Red Hat | Product: Tower
Status: PUBLISHED

CVE-2019-19340 Description

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1188
CWE Name: CWE-1188
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).