Privilege Escalation Vulnerability in Ansible Tower by Red Hat
CVE-2016-7070
8HIGH
Summary
A security flaw exists in Ansible Tower prior to version 3.0.3 where the system incorrectly sets the trust level for the PostgreSQL database's postgres user. This misconfiguration potentially allows an attacker to exploit the vulnerability to gain unauthorized administrative access to the database, posing significant security risks to data integrity and confidentiality.
Affected Version(s)
Ansible Tower 3.0.3
References
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved