First published: Wed Dec 01 2021
A researcher found a trivial bypass for <a href="https://access.redhat.com/security/cve/CVE-2021-20253">CVE-2021-20253</a>: by sending mail to the awx user, an attacker can leverage postfix to create a folder owned by awx, then place a binary in that folder that lets a low-privileged user elevate to awx outside the isolation jail.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ansible Automation Platform Early Access | =2.0 | |
| Redhat Ansible Automation Platform Text-only Advisories | | |
| Redhat Ansible Tower | =3.0 | |
| Redhat Ansible Automation Platform | =2.0 | |
| Redhat Ansible Automation Platform | =2.1 | |
| Redhat Enterprise Linux | =8.0 | |
The vulnerability ID is CVE-2021-4112.
The severity of CVE-2021-4112 is high.
CVE-2021-4112 impacts Ansible Tower by allowing an attacker to elevate privileges from a low-privileged user to the AWX user outside the isolated environment.
The affected software versions include Redhat Ansible Automation Platform Early Access 2.0, Redhat Ansible Automation Platform Text-only Advisories, Redhat Ansible Tower 3.0, Redhat Ansible Automation Platform 2.0, and Redhat Ansible Automation Platform 2.1.
To mitigate CVE-2021-4112, update to the patched versions mentioned in the Red Hat Security Advisories RHSA-2022:0460 and RHSA-2022:0474.