CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-10884

HIGH
8.8
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile21.56th
Published2018年8月22日
Last Modified2024年11月21日

Vulnerability Description

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

Affected Platforms (CPE)

📦
Redhat

Ansible Tower

>= 3.1.0 and <= 3.1.8
📦
Redhat

Ansible Tower

>= 3.2.0 and <= 3.2.6

References & Advisories

🔗 http://www.securityfocus.com/bid/105136
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884
🔗 http://www.securityfocus.com/bid/105136
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884

関連する脆弱性情報

CVE-2018-168799.8

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel setting...

CVE-2019-103108.8

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstall...

CVE-2018-11048.8

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template ...

CVE-2019-103118.8

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#...

CVE-2018-10884 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space