PT-2018-5372 · Red Hat · Ansible Tower

Published: 2018-07-27 · Updated: 2019-10-09 · CVE-2017-12148

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Ansible Tower versions prior to 3.1.5
Ansible Tower versions prior to 3.2.0

Description
A flaw was found in Ansible Tower's interface with SCM repositories. If a Tower project definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook. This playbook, when executed by Tower, could modify the checked out SCM repository to add git hooks, potentially leading to arbitrary command and code execution as the user Tower runs as.

Recommendations
For Ansible Tower versions prior to 3.1.5, update to version 3.1.5 or later. For Ansible Tower versions prior to 3.2.0, update to version 3.2.0 or later. As a temporary workaround, consider setting the 'delete before update' flag for all Tower project definitions to prevent exploitation.
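
A defender-side audit for the condition and workaround described above, as an added example (not code from this advisory or from Red Hat): it lists SCM-backed projects that lack the flag and reports non-sample files in each checkout's .git/hooks directory. The field name scm_delete_on_update for the 'delete before update' flag, the project record layout, the function names and all sample data are assumptions constructed for illustration.

```python
import os
import tempfile


def projects_without_delete_on_update(projects):
    """Names of SCM-backed projects whose checkout is reused between updates."""
    return sorted(
        p["name"] for p in projects
        # Assumed field names; manual projects have an empty scm_type.
        if p.get("scm_type") and not p.get("scm_delete_on_update", False)
    )


def active_git_hooks(projects_root):
    """Paths of non-sample entries in <checkout>/.git/hooks below projects_root."""
    found = []
    for entry in sorted(os.listdir(projects_root)):
        hooks_dir = os.path.join(projects_root, entry, ".git", "hooks")
        if not os.path.isdir(hooks_dir):
            continue
        for name in sorted(os.listdir(hooks_dir)):
            path = os.path.join(hooks_dir, name)
            # git itself only ships *.sample files here. Anything else is
            # reported even if not yet executable, since a later run could
            # change the mode.
            if name.endswith(".sample") or os.path.isdir(path):
                continue
            found.append(path)
    return found


def demo():
    # Constructed sample: three project records and a throwaway checkout tree.
    projects = [
        {"name": "web-deploy", "scm_type": "git", "scm_delete_on_update": False},
        {"name": "db-patch", "scm_type": "git", "scm_delete_on_update": True},
        {"name": "manual-playbooks", "scm_type": ""},
    ]
    root = tempfile.mkdtemp()
    hooks = os.path.join(root, "web_deploy_checkout", ".git", "hooks")
    os.makedirs(hooks)
    for name in ("pre-commit.sample", "post-checkout"):
        with open(os.path.join(hooks, name), "w") as fh:
            fh.write("#!/bin/sh\n")
    return projects_without_delete_on_update(projects), active_git_hooks(root)


if __name__ == "__main__":
    print(demo())
```

On a Tower host, active_git_hooks would be pointed at the directory that holds the project checkouts; that path depends on the installation and is not given on this page.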

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-12148
RHSA-2017:3005

Affected Products

Ansible Tower