Local Ansible Automation Platform privilege escalation flaw (CVE-2022-2568)

[tokyoghoul]

Ansible Automation Platform privilege escalation flaw (CVE-2022-2568)
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.

https://github.com/Markakd/CVE-2022-2588

 

[baburao]

Check this as well bro https://github.com/Bonfee/CVE-2022-25636

This is also good exploit

 

[tokyoghoul]

not linked with the one at hand.

 

[baburao]

but can be chained together.

 

[grabuzzorm]

Thanks Tokyoghoul for the info always useful to exploit ansible misconfiguration

 

[baburao]

yes bro i too like fucking ansible misconfiguration

 

[baburao]

grabuzzorm​

bro do you got any other exploit for ansible misconfiguration any custom one ?