https://github.com/mbadanoiu/cve-2021-20253
CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower
0-day cve cve-2021-20253 cves local-privilege-escalation
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2021-20253
- Owner: mbadanoiu
- Created: 2023-11-25T18:56:51.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2023-11-25T19:18:00.000Z (12 months ago)
- Last Synced: 2023-11-25T21:25:35.873Z (12 months ago)
- Topics: 0-day, cve, cve-2021-20253, cves, local-privilege-escalation
- Homepage:
- Size: 916 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://access.redhat.com/security/cve/cve-2021-20253).
### Requirements:
This vulnerability requires:
- Being able to execute commands in the isolation environment in Ansible Tower
- Having low-privileged access to the OS
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-20253/blob/main/Ansible%20Tower%20Disclosures%20-%20CVE-2021-20253.pdf).