PT-2018-10260 · Red Hat · Ansible Tower
Sam Fowler
+1
·
Published
2018-05-02
·
Updated
2019-10-09
·
CVE-2018-1104
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ansible Tower versions prior to 3.2.4
Description
The issue allows users with access to define variables for a job template to execute arbitrary code on the Tower server.
Recommendations
For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ansible Tower