Auto-merge PR#2951

2025-06-19 17:32:41 +00:00 · 2019-12-19 15:25:14 -05:00 · 2019-12-19 15:25:14 -05:00 · b25e82ffbe
commit b25e82ffbe
parent 315bf46e11 e3ce57fde7
1 changed files with 60 additions and 4 deletions
--- a/2019/19xxx/CVE-2019-19342.json
+++ b/2019/19xxx/CVE-2019-19342.json
@ -4,15 +4,71 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-19342",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Tower",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "all ansible_tower versions 3.6.x before 3.6.2"
+                                        },
+                                        {
+                                            "version_value": "all ansible_tower versions 3.5.x before 3.5.4"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-209"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19342",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19342",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}