CVE-2018-16879
https://notcve.org/view.php?id=CVE-2018-16879
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files. Ansible Tower en versiones anteriores a la 3.3.3 no establece un canal seguro, ya que utiliza los ajustes del canal de configuración inseguros por defecto para comunicarse con los trabajadores celery de RabbitMQ. Esto podría provocar el filtrado de información sensible, como pueden ser las contraseñas así como los ataques de denegación de servicio (DoS), borrando proyectos o archivos de inventario. • http://www.securityfocus.com/bid/106310 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16879 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2016-7070
https://notcve.org/view.php?id=CVE-2016-7070
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. Se ha encontrado un error de escalado de privilegios en Ansible Tower. Cuando Tower en versiones anteriores a la 3.0.3 despliega una base de datos PostgreSQL, configura incorrectamente el nivel de confianza del usuario postgres. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7070 https://docs.ansible.com/ansible-tower/3.0.3/html/upgrade-migration-guide/release_notes.html • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVE-2018-1104 – ansible-tower: Remote code execution by users with access to define variables in job templates
https://notcve.org/view.php?id=CVE-2018-1104
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. Ansible Tower hasta la versión 3.2.3 tiene una vulnerabilidad que permite que usuarios que solo tienen acceso para definir variables para una plantilla de trabajo ejecuten código arbitrario en el servidor Tower. • https://access.redhat.com/errata/RHSA-2018:1328 https://access.redhat.com/errata/RHSA-2018:1972 https://access.redhat.com/security/cve/cve-2018-1104 https://bugzilla.redhat.com/show_bug.cgi?id=1565862 https://www.ansible.com/security https://access.redhat.com/security/cve/CVE-2018-1104 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-1101 – ansible-tower: Privilege escalation flaw allows for organization admins to obtain system privileges
https://notcve.org/view.php?id=CVE-2018-1101
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. Ansible Tower en versiones anteriores a la 3.2.4 tiene un error en la gestión de administradores de sistema y organización que permite el escalado de privilegios. Los administradores de organización pueden restablecer la contraseña de los administradores de sistema que son miembros de organizaciones, lo que permite que los administradores de organización accedan a todo el sistema. Ansible Tower, before version 3.2.4, has a flaw in the management of system and organization administrators that allows for privilege escalation. • https://access.redhat.com/errata/RHSA-2018:1328 https://access.redhat.com/errata/RHSA-2018:1972 https://access.redhat.com/security/cve/cve-2018-1101 https://bugzilla.redhat.com/show_bug.cgi?id=1563492 https://www.ansible.com/security https://access.redhat.com/security/cve/CVE-2018-1101 • CWE-266: Incorrect Privilege Assignment CWE-521: Weak Password Requirements •
CVE-2017-12148 – Tower: modification of git hooks in SCM repo via upstream playbook execution
https://notcve.org/view.php?id=CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. Se ha encontrado un fallo en la interfaz de Ansible Tower en versiones anteriores a la 3.1.5 y 3.2.0 con repositorios SCM. Si la definición de un proyecto de Tower (repositorio SCM) no tiene el flag "delete before update" marcado, un atacante con acceso commit al repositorio de origen del playbook upstream podría crear un playbook troyano que, cuando es ejecutado por Tower, modifique el repositorio SCM comprobado para añadiir hooks git. • https://access.redhat.com/errata/RHSA-2017:3005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148 https://access.redhat.com/security/cve/CVE-2017-12148 https://bugzilla.redhat.com/show_bug.cgi?id=1485474 • CWE-20: Improper Input Validation •