CVE-2016-7070

8HIGH

Key Information:

Vendor: Red Hat
Status: Ansible Tower
Vendor: CVE Published:; 11 September 2018

Summary

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

Affected Version(s)

Ansible Tower 3.0.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070

x_refsource_CONFIRM

https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2018
Vulnerability Reserved
Aug 23, 2016

Collectors

NVD DatabaseMitre Database