CVE-2024-11483

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Nov 25, 2024
CWE ID 284

Summary

CVE-2024-11483 is a newly discovered vulnerability in the Ansible Automation Platform (AAP). It allows an attacker to escalate privileges by using a read-scoped OAuth2 token to gain write access. The flaw primarily affects API endpoints that use ansible_base.oauth2_provider for OAuth2 authentication. Although the impact is confined to actions within the user's assigned permissions, the vulnerability weakens scoped access controls, potentially leading to unintended modifications in applications and the consumption of services.


Affected Products

  • Red Hat Ansible Automation Platform

Affected Vendors

  • Red Hat