CVE-2021-20253

CVE-2021-20253

Vendor N/A
Product ansible-tower
Weakness CWE-552 · Files accessible externally
Published March 9, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Key dates

02Disclosure timeline

March 9, 2021 CVE published
August 3, 2024 Record updated