A privilege escalation flaw was found in the Ansible Automation Platform. It allows a remote authenticated user with change user permissions to modify the account settings of the superuser account and to remove that account's superuser privileges.

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Ansible_automation_platform | Redhat | 2.1 (including) | 2.1 (including) |
Red Hat Ansible Automation Platform 2.1 for RHEL 8 | RedHat | python-galaxy-ng-0:4.4.4-1.el8pc | * |
Red Hat Ansible Automation Platform 2.2 for RHEL 8 | RedHat | python3x-galaxy-ng-0:4.5.0-4.el8ap | * |
Red Hat Ansible Automation Platform 2.2 for RHEL 9 | RedHat | python-galaxy-ng-0:4.5.0-4.el9ap | * |
Ansible | Ubuntu | bionic | * |
Ansible | Ubuntu | kinetic | * |
Ansible | Ubuntu | lunar | * |
Ansible | Ubuntu | mantic | * |
Ansible | Ubuntu | trusty | * |
Ansible | Ubuntu | xenial | * |
Ansible-core | Ubuntu | kinetic | * |
Ansible-core | Ubuntu | lunar | * |
Ansible-core | Ubuntu | mantic | * |