CVE-2018-1101 - OpenCVE

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Cloudforms Ansible Tower

Configuration 1 [-]

cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:cloudforms:4.5:::::::*
	cpe:2.3:a:redhat:cloudforms:4.6:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1328	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1972	Third Party Advisory
https://access.redhat.com/security/cve/cve-2018-1101	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1563492	Issue Tracking Third Party Advisory
https://www.ansible.com/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-04-27T00:00:00

Updated: 2018-07-09T15:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1101

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-02T18:29:00.717

Modified: 2019-10-09T23:38:06.570

Link: CVE-2018-1101

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Ansible Tower", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "before 3.2.4"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-09T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ansible.com/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492"}, {"name": "RHSA-2018:1972", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2018-1101"}, {"name": "RHSA-2018:1328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-04-27T00:00:00", "ID": "CVE-2018-1101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ansible Tower", "version": {"version_data": [{"version_value": "before 3.2.4"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-266"}]}]}, "references": {"reference_data": [{"name": "https://www.ansible.com/security", "refsource": "CONFIRM", "url": "https://www.ansible.com/security"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492"}, {"name": "RHSA-2018:1972", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "https://access.redhat.com/security/cve/cve-2018-1101", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2018-1101"}, {"name": "RHSA-2018:1328", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1328"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1101", "datePublished": "2018-04-27T00:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-07-09T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "E36D40CA-E45F-4396-9652-1FE69B687AE6", "versionEndExcluding": "3.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system."}, {"lang": "es", "value": "Ansible Tower en versiones anteriores a la 3.2.4 tiene un error en la gesti\u00f3n de administradores de sistema y organizaci\u00f3n que permite el escalado de privilegios. Los administradores de organizaci\u00f3n pueden restablecer la contrase\u00f1a de los administradores de sistema que son miembros de organizaciones, lo que permite que los administradores de organizaci\u00f3n accedan a todo el sistema."}], "id": "CVE-2018-1101", "lastModified": "2019-10-09T23:38:06.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T18:29:00.717", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-1101"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.ansible.com/security"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}]}