CVE-2017-12148

Impact:
Important
Public Date:
2017-09-19
CWE:
CWE-20
Bugzilla:
1485474: CVE-2017-12148 Ansible Tower:modification of git hooks in SCM repo via upstream playbook execution
A flaw was found in Tower's interface with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.

Find out more about CVE-2017-12148 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 8.4
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
CloudForms Management Engine 5.8 RHSA-2017:3005 2017-10-24

Affected Packages State

Platform Package State
Red Hat Ansible Tower 3 for RHEL 7 security Affected

Acknowledgements

This issue was discovered by Ryan Petrello (Red Hat).
Last Modified