CVE-2021-20253

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: Mar 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20253
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 3.5
AV:L/AC:H/Au:S/C:P/I:P/A:P

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
redhat / ansible_tower	3.8.0	3.8.2
redhat / ansible_tower	3.7.0	3.7.5
redhat / ansible_tower	-	3.6.7

https://bugzilla.redhat.com/show_bug.cgi?id=1928847

Vulnerability Database

289,689

CVE-2021-20253