RHSA-2021:0778: Important: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update
Security Fix(es): Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 Upgraded to a more recent version of nginx to address CVE-2019-20372 Upgraded to a more recent version of autobahn to address CVE-2020-35678 Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:0778?
The severity of RHSA-2021:0778 is primarily focused on addressing vulnerabilities that could allow unauthorized privilege escalation to the awx user.
How do I fix RHSA-2021:0778?
To fix RHSA-2021:0778, you should apply the recommended updates available for the affected software.
What vulnerabilities are addressed in RHSA-2021:0778?
RHSA-2021:0778 addresses a privilege escalation issue associated with CVE-2021-20253 and upgrades to resolve CVE-2019-20372.
Who is affected by RHSA-2021:0778?
Users and administrators of the affected Red Hat software who have configured isolated environments are at risk with RHSA-2021:0778.
Is it safe to use affected software after RHSA-2021:0778?
It is advised to update the affected software as outlined in RHSA-2021:0778 to mitigate the vulnerabilities before continuing safe usage.