7.2

CVE-2018-1101

EPSS 0.46%
Veröffentlicht 02.05.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:59:11
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Ansible Tower Version < 3.2.4

Redhat ≫ Cloudforms Version4.5

Redhat ≫ Cloudforms Version4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

https://access.redhat.com/errata/RHSA-2018:1328

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1972

Third Party Advisory

https://access.redhat.com/security/cve/cve-2018-1101

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1563492

Third Party Advisory

Issue Tracking

https://www.ansible.com/security

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1101

EUVD