PT-2018-10238 · Red Hat · Ansible Tower

Sam Fowler

Publicado

2018-05-02

Atualizado

2019-10-09

CVE-2018-1101

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ansible Tower versions prior to 3.2.4

Description The issue is related to a flaw in the management of system and organization administrators, allowing for privilege escalation. Specifically, system administrators who are members of organizations can have their passwords reset by organization administrators, which enables organization administrators to gain access to the entire system.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue.

Correção

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-521CWE-266

Identificadores relacionados

CVE-2018-1101

RHSA-2018:1328

RHSA-2018:1972

Produtos afetados

Ansible Tower

PT-2018-10238 · Red Hat · Ansible Tower

CVE-2018-1101

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7