Vigil@nce - Ansible Tower: information disclosure via AMPQ RabbitMQ Celery Workers Messaging
January 2019 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Impacted products: Ansible Tower.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 04/01/2019.
DESCRIPTION OF THE VULNERABILITY
An attacker can bypass access restrictions to data via AMPQ
RabbitMQ Celery Workers Messaging of Ansible Tower, in order to
obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN