CVE-2021-4112

Summary

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

Affected Software

VendorProductVersion RangeStatus
n/aansible-towerFixed in ansible-tower 3.8.5affected

Weaknesses

  • CWE-552: CWE-552 - Files or Directories Accessible to External Parties

ADP Enrichment

CVE Program Container

Additional References

References