Vulnerability CVE-2018-1101


Published: 2018-05-02

Description:
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Red Hat
Product: CloudForms
Version: 4.6
Product: Ansible Tower
Version:
3.2.3
3.2.2
3.2.1
3.2.0
3.1.7
3.1.6
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.4
3.0.3
3.0.2
3.0.1
3.0
2.4.5
2.4.4
2.4.3
2.4.0
2.3.1
2.3.0
2.2.2
2.2.1
2.2.0
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.4.9
1.4.8
1.4.5
1.4.12
1.4.11
1.4.10
1.4.0
1.3.0
1.2.2

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://access.redhat.com/errata/RHSA-2018:1328
https://access.redhat.com/security/cve/cve-2018-1101
https://bugzilla.redhat.com/show_bug.cgi?id=1563492
https://www.ansible.com/security

Related CVE
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which co...
CVE-2018-4944
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS ...
CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types o...
CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...
CVE-2016-8627
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's bro...
CVE-2018-1089
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl...

Copyright 2018, cxsecurity.com
