Privilege escalation in Ansible Tower - CVE-2018-1101
Published: May 18, 2018
Vulnerability identifier: #VU12838
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1101
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software: Ansible Tower
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to write arbitrary files and gain elevated privileges on the target system.
The weakness exists in the management of system and organization administrators due to improper security restrictions. A remote attacker can reset the passwords and gain root privileges.
How to mitigate CVE-2018-1101
Update to version 3.2.4.