Bug 1485474 (CVE-2017-12148)
Summary: | CVE-2017-12148 Ansible Tower:modification of git hooks in SCM repo via upstream playbook execution | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | cpelland, dajohnso, dclarizi, gblomqui, gmainwar, gmccullo, gtanzill, hhudgeon, jfrey, jhardy, jlaska, jprause, kseifried, notting, obarenbo, roliveri, security-response-team, simaishi, yjog |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ansible_tower 3.1.5, ansible_tower 3.2.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in Tower's interface with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-11 12:08:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1485484, 1485485, 1490002, 1490003, 1490004 | ||
Bug Blocks: | 1485482 |
Description
Kurt Seifried
2017-08-25 20:56:48 UTC
Acknowledgments: Name: Ryan Petrello (Red Hat) This issue has been addressed in the following products: CloudForms Management Engine 5.8 Via RHSA-2017:3005 https://access.redhat.com/errata/RHSA-2017:3005 |