CVE-2021-4112

ansible-tower: Privilege escalation via job isolation escape

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.

Se ha encontrado un fallo en ansible-tower en el que la instalación por defecto es vulnerable al escape de aislamiento de trabajos. Este fallo permite a un atacante elevar el privilegio de un usuario con pocos privilegios a un usuario AWX desde fuera del entorno aislado.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-14 CVE Reserved
2022-02-09 CVE Published
2024-08-03 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-552: Files or Directories Accessible to External Parties

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-4112	2022-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=2028121	2022-02-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Ansible Automation Platform Search vendor "Redhat" for product "Ansible Automation Platform"	2.0 Search vendor "Redhat" for product "Ansible Automation Platform" and version "2.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Ansible Automation Platform Search vendor "Redhat" for product "Ansible Automation Platform"	2.1 Search vendor "Redhat" for product "Ansible Automation Platform" and version "2.1"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"		Ansible Automation Platform Early Access Search vendor "Redhat" for product "Ansible Automation Platform Early Access"				2.0 Search vendor "Redhat" for product "Ansible Automation Platform Early Access" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Ansible Automation Platform Text-only Advisories Search vendor "Redhat" for product "Ansible Automation Platform Text-only Advisories"				-		-		Affected
Redhat Search vendor "Redhat"		Ansible Tower Search vendor "Redhat" for product "Ansible Tower"				3.0 Search vendor "Redhat" for product "Ansible Tower" and version "3.0"		-		Affected