CVE-2019-19340

Name of the Vulnerable Software and Affected Versions Ansible Tower versions 3.5.x through 3.5.2 Ansible Tower versions 3.6.x through 3.6.1

Description A flaw was found in Ansible Tower where enabling RabbitMQ manager by setting it with '-e rabbitmq enable manager=true' exposes the RabbitMQ management interface publicly. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Recommendations For versions 3.5.x through 3.5.2, update to version 3.5.3 or later to resolve the issue. For versions 3.6.x through 3.6.1, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider disabling the RabbitMQ manager by setting '-e rabbitmq enable manager=false' to minimize the risk of exploitation.