CVE-2018-1101

HIGH

Ansible Tower <3.2.4 - Privilege Escalation

Description

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Scores

CVSS v3 7.2
EPSS 0.0043
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-521, CWE-266
Status published
Products (3)
redhat/ansible_tower < 3.2.4
redhat/cloudforms 4.5
redhat/cloudforms 4.6
Published May 02, 2018
Tracked Since Feb 18, 2026