Vulnerabilities > CVE-2021-4112 - Files or Directories Accessible to External Parties vulnerability in Redhat products

CVSS 8.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

redhat

CWE-552

NVD

Published: 2022-08-25

Updated: 2023-02-12

Summary

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Ansible Tower 3.0 Redhat Ansible Automation Platform Early Access 2.0 Redhat Ansible Automation Platform Text Only Advisories - Redhat Ansible Automation Platform 2.0 Redhat Ansible Automation Platform 2.1	5
OS	Redhat Redhat Enterprise Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References