RHSA-2021:0779: Red Hat Security Advisory: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update

Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Security Fix(es):

• Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
• Upgraded to a more recent version of autobahn to address CVE-2020-35678.
• Upgraded to a more recent version of nginx to address CVE-2019-20372. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
• Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
• Improved analytics collection to collect the playbook status for all hosts in a playbook run Related CVEs:
• CVE-2019-20372: nginx: HTTP request smuggling in configurations with URL redirect used as error_page
• CVE-2020-35678: python-autobahn: allows redirect header injection
• CVE-2021-20253: ansible-tower: Privilege escalation via job isolation escape