{"containers": {"cna": {"affected": [{"product": "Ansible Tower", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "through version 3.2.3"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-26T09:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ansible.com/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"name": "RHSA-2018:1972", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "RHSA-2018:1328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-04-27T00:00:00", "ID": "CVE-2018-1104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ansible Tower", "version": {"version_data": [{"version_value": "through version 3.2.3"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://www.ansible.com/security", "refsource": "CONFIRM", "url": "https://www.ansible.com/security"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"name": "RHSA-2018:1972", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "RHSA-2018:1328", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"name": "https://access.redhat.com/security/cve/cve-2018-1104", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2018-1104"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ansible.com/security"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"name": "RHSA-2018:1972", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"name": "RHSA-2018:1328", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1104", "datePublished": "2018-05-02T19:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T19:09:02.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "C796B714-EA6E-4DFC-9467-9DC40110E053", "versionEndIncluding": "3.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."}, {"lang": "es", "value": "Ansible Tower hasta la versi\u00f3n 3.2.3 tiene una vulnerabilidad que permite que usuarios que solo tienen acceso para definir variables para una plantilla de trabajo ejecuten c\u00f3digo arbitrario en el servidor Tower."}], "id": "CVE-2018-1104", "lastModified": "2024-11-21T03:59:11.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-02T19:29:00.607", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.ansible.com/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-1104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ansible.com/security"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Simon Vikstr\u00f6m for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-0:2.4.4.0-1.el7ae", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-tower-0:3.1.7-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-0:5.8.4.5-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-appliance-0:5.8.4.5-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-gemset-0:5.8.4.5-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "python-paramiko-0:2.1.1-4.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1972", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-json-0:2.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-06-25T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-0:2.4.4.0-1.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-tower-0:3.2.4-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-0:5.9.2.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-amazon-smartstate-0:5.9.2.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-appliance-0:5.9.2.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-gemset-0:5.9.2.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dbus-api-service-0:1.0.1-3.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "httpd-configmap-generator-0:0.2.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "postgresql96-0:9.6.6-1PGDG.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-paramiko-0:2.1.1-4.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-json-0:2.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}, {"advisory": "RHSA-2018:1328", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-qpid_proton-0:0.22.0-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-05-07T00:00:00Z"}], "bugzilla": {"description": "ansible-tower: Remote code execution by users with access to define variables in job templates", "id": "1565862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565862"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.", "Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server."], "name": "CVE-2018-1104", "public_date": "2018-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1104\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1104"], "threat_severity": "Important", "upstream_fix": "ansible-tower 3.1.6, ansible-tower 3.2.4"}