PT-2018-10238 · Red Hat · Ansible Tower

Sam Fowler

Published

2018-05-02

Updated

2019-10-09

CVE-2018-1101

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ansible Tower versions prior to 3.2.4

Description The issue is related to a flaw in the management of system and organization administrators, allowing for privilege escalation. Specifically, system administrators who are members of organizations can have their passwords reset by organization administrators, which enables organization administrators to gain access to the entire system.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue.

Fix

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521CWE-266

Related Identifiers

CVE-2018-1101

RHSA-2018:1328

RHSA-2018:1972

Affected Products

Ansible Tower

PT-2018-10238 · Red Hat · Ansible Tower

CVE-2018-1101

Weakness Enumeration

Related Identifiers

Affected Products

References · 7