A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The vendor's disclosure and fix for this vulnerability can be found here.
This vulnerability requires:
- Being able to execute commands in isolation environment in Ansible Tower
- Having low privileged access to the OS
More details and the exploitation process can be found in this PDF.