CVE-2018-1101

Опубликовано: 02 мая 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Ссылки

https://access.redhat.com/errata/RHSA-2018:1328
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1972
Third Party Advisory
https://access.redhat.com/security/cve/cve-2018-1101
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1563492
Issue Tracking
Third Party Advisory
https://www.ansible.com/security
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1328
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1972
Third Party Advisory
https://access.redhat.com/security/cve/cve-2018-1101
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1563492
Issue Tracking
Third Party Advisory
https://www.ansible.com/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*

Версия до 3.2.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00432

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-266

CWE-521

Связанные уязвимости

CVE-2018-1101

CVSS3: 8

redhat

почти 8 лет назад

GHSA-hfwp-5v2g-2vvc