Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2021-20253
HistoryMar 09, 2021 - 5:14 p.m.

CVE-2021-20253

2021-03-0917:14:28
CWE-552
redhat
www.cve.org
3
ansible-tower
privilege escalation
data confidentiality

EPSS

0

Percentile

12.6%

JSON

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CNA Affected

[
  {
    "product": "ansible-tower",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ansible-tower 3.8.2, ansible-tower 3.7.5, ansible-tower 3.6.7"
      }
    ]
  }
]

Related

cve 1
nvd 1
redhatcve 1
prion 1
redhat 3
cve
cve
CVE-2021-20253
2021-03-09 18:15:15
nvd
nvd
CVE-2021-20253
2021-03-09 18:15:15
redhatcve
redhatcve
CVE-2021-20253
2021-03-08 21:33:32
prion
prion
Design/Logic Flaw
2021-03-09 18:15:00
redhat
redhat
(RHSA-2021:0779) Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update
2021-03-09 15:07:20
(RHSA-2021:0780) Important: Red Hat Ansible Tower 3.8.2-1 - Container security and bug fix update
2021-03-09 15:07:34
(RHSA-2021:0778) Important: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update
2021-03-09 15:06:59

EPSS

0

Percentile

12.6%

JSON
Related for CVELIST:CVE-2021-20253
cve1nvd1redhatcve1prion1redhat3