Vulnerabilities > CVE-2021-20253 - Files or Directories Accessible to External Parties vulnerability in Redhat Ansible Tower

047910
CVSS 3.5 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
redhat
CWE-552

Summary

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Configurations

Part Description Count
Application
Redhat
125