Merge branch 'CVE-2018-16879' of https://github.com/RedHatProductSecurity/cvelist

2025-06-08 14:08:13 +00:00 · 2019-01-03 08:38:20 -05:00 · 2019-01-03 08:38:20 -05:00 · a7a4f85a54
commit a7a4f85a54
parent b7bf85dcf5 57337ca48d
1 changed files with 69 additions and 16 deletions
--- a/2018/16xxx/CVE-2018-16879.json
+++ b/2018/16xxx/CVE-2018-16879.json
@ -1,18 +1,71 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-16879",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2018-16879",
+        "ASSIGNER": "sfowler@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Tower",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.3.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-306"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "7.3/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
 }