CVE-2021-20253
published 2021-03-09CVE-2021-20253: A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low…
medium6.7CVSS 3.1
AVLACHPRLUIRSUCHIHAH
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | ansible_tower | < 3.6.7 | 3.6.7 |
| redhat | ansible_tower | >= 3.7.0 < 3.7.5 | 3.7.5 |
| redhat | ansible_tower | >= 3.8.0 < 3.8.2 | 3.8.2 |