CVE-2018-1104 vulnerability in Red Hat Products
Published on May 2, 2018
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2018-1104
stack.watch emails you whenever new vulnerabilities are published in Red Hat Ansible Tower or Red Hat Cloudforms. Just hit a watch button to start following.
Affected Versions
Red Hat, Inc. Ansible Tower Version through version 3.2.3 is affected by CVE-2018-1104Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.