Vulnerability Description
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Tower | < 3.0.3 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070Issue TrackingVendor Advisory
- https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade-migration-guide/releasRelease NotesVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070Issue TrackingVendor Advisory
- https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade-migration-guide/releasRelease NotesVendor Advisory
FAQ
What is CVE-2016-7070?
CVE-2016-7070 is a vulnerability with a CVSS score of 8.0 (HIGH). A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use thi...
How severe is CVE-2016-7070?
CVE-2016-7070 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7070?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Tower.