Ansible Tower is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Information
Ansible Ansible Tower 3.1.8
Exploit
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
References:
- Ansible Tower Home Page (ansible)
- Bug 1597069 - (CVE-2018-10884) CVE-2018-10884 ansible-tower: CSRF in awx/api/au (Redhat)
- CVE-2018-10884 (Redhat)