PT-2018-10260 · Red Hat · Ansible Tower

Sam Fowler

Publicado

2018-05-02

Atualizado

2019-10-09

CVE-2018-1104

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ansible Tower versions prior to 3.2.4

Description The issue allows users with access to define variables for a job template to execute arbitrary code on the Tower server.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2018-1104

RHSA-2018:1328

RHSA-2018:1972

Ansible Tower