CVE-2017-12148

Published: Jul 27, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.

Affected (3)

Products: Redhat: Ansible Tower, Cloudforms

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible Tower	Before 3.1.5
Redhat Ansible Tower	Before 3.2.0
Redhat Cloudforms	Version 4.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://access.redhat.com/errata/RHSA-2017:3005

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2017:3005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.