Privilege Escalation Vulnerability in Ansible Tower by Red Hat
CVE-2016-7070

8HIGH

Key Information:

Vendor: Red Hat
Status: Ansible Tower
Vendor: CVE Published:; 11 September 2018

Summary

A security flaw exists in Ansible Tower prior to version 3.0.3 where the system incorrectly sets the trust level for the PostgreSQL database's postgres user. This misconfiguration potentially allows an attacker to exploit the vulnerability to gain unauthorized administrative access to the database, posing significant security risks to data integrity and confidentiality.

Affected Version(s)

Ansible Tower 3.0.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070

x_refsource_CONFIRM

https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2018
Vulnerability Reserved
Aug 23, 2016