CVE-2015-1368

Ansible Tower < 2.0.5 - Cross-Site Scripting via Multiple API Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1368. PoCs published by SEC Consult.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in Ansible Tower <=2.0.2, including privilege escalation via the 'is_superuser' parameter, reflected XSS in API endpoints, and unauthenticated WebSocket connections leading to information leakage. Proof-of-concept requests and steps are provided for each vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappsmultiple

https://www.exploit-db.com/exploits/35786

View Code ZIP pw:eip

The advisory details multiple vulnerabilities in Ansible Tower <=2.0.2, including privilege escalation via the 'is_superuser' parameter, reflected XSS in API endpoints, and unauthenticated WebSocket connections leading to information leakage. Proof-of-concept requests and steps are provided for each vulnerability.

Classification

Writeup 100%

Attack Type

Lpe | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ansible Tower <=2.0.2

Auth required

Prerequisites: Organization admin access for privilege escalation · Network access to the target for XSS and WebSocket exploitation

MITRE ATT&CK