Ansible Tower 3.x < 3.3.3 Unauthorized Access vulnerability
High Nessus Plugin ID 127125
Synopsis: An IT monitoring application running on the remote host is affected by an unauthorized access vulnerability.
Description: The version of Ansible Tower running on the remote web server is 3.x prior to 3.3.3. It is, therefore, affected by an unauthorized access vulnerability due to a RabbitMQ misconfiguration. The configuration does not set a secure channel for messaging celery workers, resulting in a leak of sensitive data and the deletion of projects and files.
Solution: Upgrade to Ansible Tower version 3.3.3 or later.