CVE-2018-1101

7.2HIGH

Key Information:

Vendor: Red Hat
Status: Ansible Tower
Vendor: CVE Published:; 2 May 2018

Summary

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Affected Version(s)

Ansible Tower before 3.2.4

References

https://www.ansible.com/security

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1563492

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:1972

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Dec 4, 2017

Collectors

NVD DatabaseMitre Database

.