CVE-2018-1101
N/A
N/A
Summary
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | Ansible Tower | before 3.2.4 | affected |
Weaknesses
- CWE-266: CWE-266
ADP Enrichment
CVE Program Container
Additional References
- https://www.ansible.com/security
- https://bugzilla.redhat.com/show_bug.cgi?id=1563492
- https://access.redhat.com/errata/RHSA-2018:1972
- https://access.redhat.com/security/cve/cve-2018-1101
- https://access.redhat.com/errata/RHSA-2018:1328
References
- https://www.ansible.com/security
- https://bugzilla.redhat.com/show_bug.cgi?id=1563492
- https://access.redhat.com/errata/RHSA-2018:1972
- https://access.redhat.com/security/cve/cve-2018-1101
- https://access.redhat.com/errata/RHSA-2018:1328
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.