{"containers": {"cna": {"affected": [{"product": "Red Hat Ansible Automation Platform", "vendor": "n/a", "versions": [{"status": "affected", "version": "2.2"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges."}], "problemTypes": [{"descriptions": [{"description": "Improper Privilege Management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-18T19:28:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.967Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2568", "datePublished": "2022-08-18T19:28:20", "dateReserved": "2022-07-28T00:00:00", "dateUpdated": "2024-08-03T00:39:07.967Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E776BFA8-3F0B-46F3-9FC0-EA9D6EC5CC84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BBED0AAB-1971-4C72-9A76-6114E4F6235B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges."}, {"lang": "es", "value": "Se ha encontrado un fallo de escalada de privilegios en Ansible Automation Platform. Este fallo permite a un usuario remoto autenticado con permisos de tipo \"change user\" modificar la configuraci\u00f3n de la cuenta de superusuario y tambi\u00e9n eliminar los privilegios de superusuario."}], "id": "CVE-2022-2568", "lastModified": "2024-11-21T07:01:15.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-18T20:15:11.357", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:6078", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8", "package": "python-galaxy-ng-0:4.4.4-1.el8pc", "product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:6079", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.2::el8", "package": "python3x-galaxy-ng-0:4.5.0-4.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.2 for RHEL 8", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:6079", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.2::el9", "package": "python-galaxy-ng-0:4.5.0-4.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.2 for RHEL 9", "release_date": "2022-08-16T00:00:00Z"}], "bugzilla": {"description": "Ansible: Logic flaw leads to privilage escalation", "id": "2108653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-269", "details": ["A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.", "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges."], "name": "CVE-2022-2568", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "automation hub", "product_name": "Red Hat Ansible Automation Platform 1.2"}], "public_date": "2022-08-15T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2568\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2568"], "threat_severity": "Important"}