CVE-2016-7070

Summary

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

Affected Software

VendorProductVersion RangeStatus
Red HatAnsible Tower3.0.3affected

Weaknesses

  • CWE-266: CWE-266

ADP Enrichment

CVE Program Container

Additional References

References