Main Vulnerability Database Vulnerabilities #VU16715

Security restrictions bypass in Ansible Tower - CVE-2018-16879

Published: December 20, 2018 / Updated: December 26, 2018

Vulnerability identifier: #VU16715

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-16879

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Ansible Tower

Detailed vulnerability description

The vulnerability allows an adjacent attacker to bypass security restrictions.

The vulnerability exists due to security channel is not set properly for AMPQ connection. An adjacent attacker can bypass security restrictions and gain access to potentially sensitive information or cause the service to crash.

How to mitigate CVE-2018-16879

Update to version 3.3.3.

Sources

https://docs.ansible.com/ansible-tower/latest/html/installandreference/release_notes.html
https://github.com/ansible/tower-packaging/pull/207

Security restrictions bypass in Ansible Tower - CVE-2018-16879

Detailed vulnerability description

How to mitigate CVE-2018-16879

Sources

Please verify you're human