A vulnerability classified as critical has been found in Red Hat Ansible Tower up to 3.3.2. Affected is an unknown code of the component Secure Channel. The manipulation as part of a Password leads to a path error vulnerability. CWE is classifying the issue as CWE-417. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.

The bug was discovered 01/02/2019. The weakness was shared 01/03/2019 as not defined bug report (Bugzilla). The advisory is shared for download at bugzilla.redhat.com. This vulnerability is traded as CVE-2018-16879 since 09/11/2018. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 13391 (Ansible Tower Information Disclosure Vulnerability).

Upgrading to version 3.3.3 eliminates this vulnerability.

Productinfo

Vendor

• Red Hat

Name

• Ansible Tower

Version

• 3.3.0
• 3.3.1
• 3.3.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion