cvedb.io
CVE-2018-1101
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2018-05-02T18:29:00.717 · Last modified 2026-06-17T01:50:28.970

Summary

Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

Affected products

redhat — ansible_tower

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.