CVE-2018-1101

Impact: Important
Public Date: 2018-04-27
CWE: CWE-266
Bugzilla: 1563492: CVE-2018-1101 ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges

Ansible Tower, before version 3.2.4, has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Find out more about CVE-2018-1101 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 8
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity Impact: High
Availability Impact: High

Red Hat Security Errata

Platform                             Errata          Release Date
CloudForms Management Engine 5.8     RHSA-2018:1972  2018-06-25
CloudForms Management Engine 5.9     RHSA-2018:1328  2018-05-07

Affected Packages State

Platform                             Package         State
Red Hat Ansible Tower 3 for RHEL 7   security-tower  Affected

Acknowledgements

This issue was discovered by Graham Mainwaring (Red Hat).