This site requires JavaScript to be enabled to function correctly, please enable it.
Summary:
CVE-2018-10884 ansible-tower: CSRF in awx/api/authentication.py allows for hijacking of the authtoken cookie
Product:
[Other] Security Response
Reporter:
Sam Fowler <sfowler>
Component:
vulnerability Assignee:
Red Hat Product Security <security-response-team>
Status:
CLOSED
ERRATA
QA Contact:
Severity:
high
Docs Contact:
Priority:
high
Version:
unspecified CC:
abhgupta, btarraso, cpelland, dajohnso, dbaker, dmetzger, gblomqui, gmccullo, gtanzill, jhardy, jlaska, jokerman, jprause, kdixon, psampaio, roliveri, security-response-team, simaishi, sthangav, trankin
Target Milestone:
--- Keywords:
Security
Target Release:
---
Hardware:
All
OS:
Linux
Whiteboard:
Fixed In Version:
tower 3.1.8, tower 3.2.6
Doc Type:
If docs needed, set a value
Doc Text:
Story Points:
---
Clone Of:
Environment:
Last Closed:
2021-10-25 09:48:14 UTC
Type:
---
Regression:
---
Mount Type:
---
Documentation:
---
CRM:
Verified Versions:
Category:
---
oVirt Team:
---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:
---
Target Upstream Version:
Embargoed:
Bug Depends On:
1603086 , 1603087 , 1603088
Bug Blocks:
1597071