Vulnerability Details : CVE-2019-19340
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
Products affected by CVE-2019-19340
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-19340
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~57% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2019-19340
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P | 10.0 | 4.9 | NIST |
8.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L | 3.9 | 4.2 | Red Hat, Inc. |
8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L | 3.9 | 4.2 | NIST |
CWE ids for CVE-2019-19340
- The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2019-19340
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340
  1782624 – (CVE-2019-19340) CVE-2019-19340 Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly (Issue Tracking; Vendor Advisory)