Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-16879

EPSS 0.23% · P46
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-16879

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据加密缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ansible Tower 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ansible是美国Ansible公司的一款计算机系统配置管理器,它可用于发布、管理和编排计算机系统。Ansible Tower(又名Ansible UI)是其中的一个提供了用户界面(UI)、仪表板和REST API的任务控制应用程序。 Ansible Tower 3.3.3之前版本中存在信息泄露漏洞,该漏洞源于程序没有正确的为AMPQ连接设置安全通道。远程攻击者可利用该漏洞泄露敏感信息(例如:密码)并造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
[UNKNOWN]Tower 3.3.3 -

II. Public POCs for CVE-2018-16879

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-16879

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Tower
Same vendor: [UNKNOWN]
Same weakness: CWE-311

V. Comments for CVE-2018-16879

No comments yet

Leave a comment