CVE-2018-1104

Published: May 2, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

Vendor	Product	Versions
Red Hat, Inc.	Ansible Tower	affected `through version 3.2.3`

Weaknesses (CWE)

CWE-20

References

https://www.ansible.com/security

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1565862

x_refsource_CONFIRM

RHSA-2018:1972

vendor-advisory

x_refsource_REDHAT

RHSA-2018:1328

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/cve-2018-1104

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1104

Description

Affected Products

Weaknesses (CWE)

References