Skip to content
/ CVE-2021-20253 Public

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2021-20253

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Ansible Tower Disclosures - CVE-2021-20253.pdf
Ansible Tower Disclosures - CVE-2021-20253.pdf
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Being able to execute commands in isolation environment in Ansible Tower
  • Having low privileged access to the OS

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

Topics

cve local-privilege-escalation cves 0-day cve-2021-20253

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository