{"containers": {"cna": {"affected": [{"product": "Ansible Tower", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "3.1.5"}, {"status": "affected", "version": "3.2.0"}]}], "datePublic": "2017-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:3005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3005"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-12148", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ansible Tower", "version": {"version_data": [{"version_value": "3.1.5"}, {"version_value": "3.2.0"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as."}]}, "impact": {"cvss": [[{"vectorString": "8.4/CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:3005", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3005"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.619Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12148", "datePublished": "2018-07-27T16:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "matchCriteriaId": "F27EF98F-D341-400A-B3B7-1E934A0524FA", "versionEndExcluding": "3.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:scm_repositories:*:*:*", "matchCriteriaId": "9DA7BCC0-1E50-458C-B19E-AB89BD18D45C", "versionEndExcluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as."}, {"lang": "es", "value": "Se ha encontrado un fallo en la interfaz de Ansible Tower en versiones anteriores a la 3.1.5 y 3.2.0 con repositorios SCM. Si la definici\u00f3n de un proyecto de Tower (repositorio SCM) no tiene el flag \"delete before update\" marcado, un atacante con acceso commit al repositorio de origen del playbook upstream podr\u00eda crear un playbook troyano que, cuando es ejecutado por Tower, modifique el repositorio SCM comprobado para a\u00f1adiir hooks git. Estos hooks git podr\u00edan, a su vez, provocar una ejecuci\u00f3n arbitraria de comandos y c\u00f3digo a medida que la Torre de usuario se ejecuta."}], "id": "CVE-2017-12148", "lastModified": "2019-10-09T23:22:22.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-27T16:29:00.223", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3005"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Ryan Petrello (Red Hat).", "affected_release": [{"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-tower-0:3.1.5-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-0:5.8.2.3-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-appliance-0:5.8.2.3-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-gemset-0:5.8.2.3-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rabbitmq-server-0:3.6.9-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-ruby23-rubygem-nokogiri-0:1.8.1-2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}, {"advisory": "RHSA-2017:3005", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "supervisor-0:3.1.4-1.el7", "product_name": "CloudForms Management Engine 5.8", "release_date": "2017-10-24T00:00:00Z"}], "bugzilla": {"description": "Tower: modification of git hooks in SCM repo via upstream playbook execution", "id": "1485474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485474"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.", "A flaw was found in Tower's interface with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as."], "name": "CVE-2017-12148", "package_state": [{"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Affected", "package_name": "security", "product_name": "Red Hat Ansible Tower 3"}], "public_date": "2017-09-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12148\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12148"], "threat_severity": "Important", "upstream_fix": "ansible_tower 3.1.5, ansible_tower 3.2.0"}