Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability

Ansible Tower is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Information

Bugtraq ID: 105136
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 24 2018 12:00AM
Updated: Aug 24 2018 12:00AM
Credit: The vendor reported this issue.
Vulnerable:

Not Vulnerable: Ansible Ansible Tower 3.2.6
Ansible Ansible Tower 3.1.8

Exploit

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

References:

Ansible Tower Home Page (ansible)
Bug 1597069 - (CVE-2018-10884) CVE-2018-10884 ansible-tower: CSRF in awx/api/au (Redhat)
CVE-2018-10884 (Redhat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit