CVE-2018-1104 - OpenCVE

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Cloudforms Ansible Tower

Configuration 1 [-]

cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:cloudforms:4.5:::::::*
	cpe:2.3:a:redhat:cloudforms:4.6:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1328	Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1972	Vendor Advisory
https://access.redhat.com/security/cve/cve-2018-1104	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1565862	Issue Tracking Vendor Advisory
https://www.ansible.com/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-04-27T00:00:00

Updated: 2018-06-26T09:57:02

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1104

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-02T19:29:00.607

Modified: 2019-10-09T23:38:06.977

Link: CVE-2018-1104

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Ansible Tower", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "through version 3.2.3"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-26T09:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ansible.com/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"name": "RHSA-2018:1972", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "RHSA-2018:1328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-04-27T00:00:00", "ID": "CVE-2018-1104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ansible Tower", "version": {"version_data": [{"version_value": "through version 3.2.3"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://www.ansible.com/security", "refsource": "CONFIRM", "url": "https://www.ansible.com/security"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"name": "RHSA-2018:1972", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "RHSA-2018:1328", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"name": "https://access.redhat.com/security/cve/cve-2018-1104", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2018-1104"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1104", "datePublished": "2018-04-27T00:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-06-26T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "C796B714-EA6E-4DFC-9467-9DC40110E053", "versionEndIncluding": "3.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}, {"lang": "es", "value": "Ansible Tower hasta la versi\u00f3n 3.2.3 tiene una vulnerabilidad que permite que usuarios que solo tienen acceso para definir variables para una plantilla de trabajo ejecuten c\u00f3digo arbitrario en el servidor Tower."}], "id": "CVE-2018-1104", "lastModified": "2019-10-09T23:38:06.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T19:29:00.607", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.ansible.com/security"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}