CVE-2018-1104

HIGH

8.8

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile38.60th

PublishedMay 2, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

Affected Platforms (CPE)

📦

Redhat

Ansible Tower

<= 3.2.3

📦

Redhat

Cloudforms

= 4.5

📦

Redhat

Cloudforms

= 4.6

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:1328

🔗 https://access.redhat.com/errata/RHSA-2018:1972

🔗 https://access.redhat.com/security/cve/cve-2018-1104

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1565862

🔗 https://www.ansible.com/security

🔗 https://access.redhat.com/errata/RHSA-2018:1328

🔗 https://access.redhat.com/errata/RHSA-2018:1972

🔗 https://access.redhat.com/security/cve/cve-2018-1104

Vulnerability Description

Affected Platforms (CPE)

Ansible Tower

Cloudforms

Cloudforms

References & Advisories

Related Vulnerabilities