Skip to content

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2021-20253

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Being able to execute commands in isolation environment in Ansible Tower
  • Having low privileged access to the OS

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

Topics

Resources

Stars

Watchers

Forks