CVE Vulnerabilities

CVE-2022-2568

Improper Privilege Management

Published: Aug 18, 2022 | Modified: Feb 12, 2023
CVSS 3.x (Source: NVD): 6.5 MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
RedHat/V3: 7.2 IMPORTANT | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with "change user" permissions to modify the account settings of the superuser account and also remove the superuser privileges.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name | Vendor | Start Version | End Version
Ansible_automation_platform | Redhat | 2.1 (including) | 2.1 (including)
Red Hat Ansible Automation Platform 2.1 for RHEL 8 | RedHat | python-galaxy-ng-0:4.4.4-1.el8pc | *
Red Hat Ansible Automation Platform 2.2 for RHEL 8 | RedHat | python3x-galaxy-ng-0:4.5.0-4.el8ap | *
Red Hat Ansible Automation Platform 2.2 for RHEL 9 | RedHat | python-galaxy-ng-0:4.5.0-4.el9ap | *
Ansible | Ubuntu | bionic | *
Ansible | Ubuntu | kinetic | *
Ansible | Ubuntu | lunar | *
Ansible | Ubuntu | mantic | *
Ansible | Ubuntu | trusty | *
Ansible | Ubuntu | xenial | *
Ansible-core | Ubuntu | kinetic | *
Ansible-core | Ubuntu | lunar | *
Ansible-core | Ubuntu | mantic | *
