Vulnerability Description
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Tower | < 3.2.4 |
| Redhat | Cloudforms | 4.5 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:1328 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:1972 (Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2018-1101 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1563492 (Issue Tracking, Third Party Advisory)
- https://www.ansible.com/security (Vendor Advisory)
FAQ
What is CVE-2018-1101?
CVE-2018-1101 is a vulnerability with a CVSS score of 7.2 (HIGH). Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations ...
How severe is CVE-2018-1101?
CVE-2018-1101 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-1101?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Tower, Redhat Cloudforms.