Input validation error in Ansible Tower - CVE-2017-12148
Published: July 27, 2018 / Updated: July 17, 2020
Ansible Tower
Detailed vulnerability description
The vulnerability allows a remote privileged user to execute arbitrary code.
A flaw was found in the way Ansible Tower before 3.1.5 and 3.2.0 interfaces with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked-out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user that Tower runs as.
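
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Ansible Tower: it lists every file in a checkout's `.git/hooks` directory that is not one of git's inert `*.sample` templates. The function names, directory names and sample checkouts are constructed for illustration; pass the directory that holds your Tower project checkouts as `projects_root`.

```python
import stat
import tempfile
from pathlib import Path

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def find_active_hooks(projects_root):
    """Return (project, hook, is_executable) for each non-sample file found
    in <project>/.git/hooks of every checkout directly below projects_root."""
    findings = []
    for project in sorted(Path(projects_root).iterdir()):
        hooks_dir = project / ".git" / "hooks"
        if not hooks_dir.is_dir():
            continue
        for hook in sorted(hooks_dir.iterdir()):
            # git installs inert templates named *.sample; skip those only
            if hook.name.endswith(".sample") or not hook.is_file():
                continue
            executable = bool(hook.stat().st_mode & EXEC_BITS)
            findings.append((project.name, hook.name, executable))
    return findings


def build_constructed_checkouts(root):
    """Constructed sample data: one untouched checkout, one with added hooks."""
    for name in ("clean_project", "tampered_project"):
        hooks = Path(root) / name / ".git" / "hooks"
        hooks.mkdir(parents=True)
        (hooks / "pre-commit.sample").write_text("#!/bin/sh\n")
    tampered = Path(root) / "tampered_project" / ".git" / "hooks"
    live = tampered / "post-checkout"
    live.write_text("#!/bin/sh\n# constructed placeholder, does nothing\n")
    live.chmod(0o755)  # executable, so git would run it
    (tampered / "pre-push").write_text("#!/bin/sh\n")
    (tampered / "pre-push").chmod(0o644)  # not executable, git skips it


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_checkouts(tmp)
        for project, hook, executable in find_active_hooks(tmp):
            state = "EXECUTABLE" if executable else "not executable"
            print(f"{project}: .git/hooks/{hook} ({state})")
```

A project that legitimately relies on hooks will also be listed, so treat each finding as something to review against what the repository is expected to contain.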