cvedb.io
CVE-2018-16879
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2019-01-03T14:29:00.197 · Last modified 2026-06-17T01:44:58.797

Summary

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

Affected products

redhat — ansible_tower

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.