CVE-2022-2568 — Improper Privilege Management in Redhat Ansible Automation Platform

CWE-269 — Improper Privilege Management CWE-20 — Improper Input Validation6 documents6 sources

Severity

6.5MEDIUMNVD

CISA7.8

EPSS

0.2%

top 56.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Automation Platform

Timeline

PublishedAug 18

Latest updateSep 15

Description

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/ansible_automation_platform2.0, 2.1, 2.2+2

🔴Vulnerability Details

GHSA

GHSA-j928-ww9w-w7hg: A privilege escalation flaw was found in the Ansible Automation Platform↗2022-08-19

▶

CVEList

CVE-2022-2568: A privilege escalation flaw was found in the Ansible Automation Platform↗2022-08-18

▶

OSV

CVE-2022-2568: A privilege escalation flaw was found in the Ansible Automation Platform↗2022-08-18

▶

📋Vendor Advisories

CISA

Microsoft Windows Remote Code Execution Vulnerability↗2022-09-15

▶

Red Hat

Ansible: Logic flaw leads to privilage escalation↗2022-08-15

▶