CVE-2021-20253

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1928847 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*

History

02 Jun 2021, 16:35

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 3.5
v3 : 6.7

Information

Published : 2021-03-09 18:15

Updated : 2024-02-04 21:23


NVD link : CVE-2021-20253

Mitre link : CVE-2021-20253

CVE.ORG link : CVE-2021-20253


JSON object : View

Products Affected

redhat

  • ansible_tower
CWE
CWE-552

Files or Directories Accessible to External Parties