PT-2018-5372 · Red Hat · Ansible Tower
Published 2018-07-27 · Updated 2019-10-09 · CVE-2017-12148
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ansible Tower versions prior to 3.1.5
Ansible Tower versions prior to 3.2.0
Description
A flaw was found in Ansible Tower's interface with SCM repositories. If a Tower project definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook. This playbook, when executed by Tower, could modify the checked out SCM repository to add git hooks, potentially leading to arbitrary command and code execution as the user Tower runs as.
Recommendations
For Ansible Tower versions prior to 3.1.5, update to version 3.1.5 or later.
For Ansible Tower versions prior to 3.2.0, update to version 3.2.0 or later.
As a temporary workaround, consider setting the 'delete before update' flag for all Tower project definitions to prevent exploitation.
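The workaround above can be checked programmatically. The following is an added example (not code from the advisory or from Red Hat): it audits a list of Tower project definitions against the 'delete before update' flag and the fixed release, and lists non-stock hooks in a checked-out project. The field names `scm_delete_on_update` and `scm_type`, the sample project records and the fixed-version threshold are assumptions.

```python
"""Audit Ansible Tower project definitions for CVE-2017-12148 exposure.

Assumed: the project records carry the REST API fields ``scm_type`` and
``scm_delete_on_update`` (the 'delete before update' flag in the UI).
"""
import os
from typing import Dict, Iterable, List, Tuple

FIXED_VERSION = (3, 1, 5)  # advisory: fixed in 3.1.5 (and in 3.2.0)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.1.4' into (3, 1, 4) so releases compare in order."""
    return tuple(int(part) for part in version.split("."))


def is_fixed(version: str) -> bool:
    """True when this Tower release already contains the fix."""
    return parse_version(version) >= FIXED_VERSION


def projects_at_risk(projects: Iterable[Dict], tower_version: str) -> List[str]:
    """Names of SCM-backed projects still updated in place on a vulnerable release.

    Manual (non-SCM) projects are skipped; a fixed release reports nothing.
    """
    if is_fixed(tower_version):
        return []
    return [p["name"] for p in projects
            if p.get("scm_type") and not p.get("scm_delete_on_update", False)]


def active_git_hooks(checkout_dir: str) -> List[str]:
    """Hook files in <checkout>/.git/hooks other than the stock *.sample files.

    A fresh clone ships only *.sample hooks, so anything else inside a
    Tower-managed checkout deserves a look.
    """
    hooks_dir = os.path.join(checkout_dir, ".git", "hooks")
    if not os.path.isdir(hooks_dir):
        return []
    return sorted(f for f in os.listdir(hooks_dir) if not f.endswith(".sample"))


# Constructed sample records shaped like Tower's project list (assumption).
SAMPLE_PROJECTS = [
    {"name": "web-playbooks", "scm_type": "git", "scm_delete_on_update": False},
    {"name": "db-playbooks", "scm_type": "git", "scm_delete_on_update": True},
    {"name": "manual-project", "scm_type": "", "scm_delete_on_update": False},
]

if __name__ == "__main__":
    for name in projects_at_risk(SAMPLE_PROJECTS, "3.1.4"):
        print(f"set 'delete before update' on project: {name}")
```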
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Ansible Tower