PT-2019-9380 · Red Hat · Ansible Tower

Borja Tarraso · Published 2019-01-03 · Updated 2023-02-03 · CVE-2018-16879

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ansible Tower versions prior to 3.3.3

Description

The issue stems from insecure channel configuration settings for messaging Celery workers from RabbitMQ. It could lead to a leak of sensitive information such as passwords, and to denial-of-service attacks through deletion of projects or inventory files.

Recommendations

For Ansible Tower versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider configuring a secure channel for messaging Celery workers from RabbitMQ to minimize the risk of exploitation. Restrict access to sensitive information and projects to prevent potential data leaks and denial-of-service attacks.

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2018-16879

Affected Products

Ansible Tower