CVE-2017-12148
moderate-risk
Published 2018-07-27
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
Do I need to act?
-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10
High
NETWORK
/ LOW complexity
Affected Products (3)
Affected Vendors
References (4)
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3005
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:3005
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148
40
/ 100
moderate-risk
Severity
29/34 · Critical
Exploitability
2/34 · Minimal
Exposure
9/34 · Low