CVE-2017-12148 — Improper Input Validation in Redhat Ansible Tower

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.2HIGHNVD

CNA8.4

EPSS

0.4%

top 37.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Tower RED HAT Ansible Tower Redhat Cloudforms

Timeline

PublishedJul 27

Latest updateMay 13

Description

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDredhat/ansible_tower< 3.1.5+1

▶CVEListV5red_hat/ansible_tower3.1.5, 3.2.0+1

▶NVDredhat/cloudforms4.5

🔴Vulnerability Details

GHSA

GHSA-fxg8-q29x-8w2q: A flaw was found in Ansible Tower's interface before 3↗2022-05-13

▶

CVEList

CVE-2017-12148: A flaw was found in Ansible Tower's interface before 3↗2018-07-27

▶

📋Vendor Advisories

Red Hat

Tower: modification of git hooks in SCM repo via upstream playbook execution↗2017-09-19

▶

💬Community

Bugzilla

CVE-2017-12148 Ansible Tower:modification of git hooks in SCM repo via upstream playbook execution↗2017-08-25

▶