CVE-2024-11483
CVSS 3.1 Score 5.0 of 10 (medium)
Details
Published Nov 25, 2024
CWE ID 284
Summary
CVE-2024-11483 is a newly discovered vulnerability in the Ansible Automation Platform (AAP). This issue enables attackers to escalate privileges by misusing read-scoped OAuth2 tokens to gain write access. The flaw primarily affects API endpoints that utilize ansible_base.oauth2_provider for OAuth2 authentication. Although the impact is confined to actions within the user's assigned permissions, this vulnerability weakens scoped access controls, potentially leading to unintended modifications in applications and the consumption of services.
Affected Products
- Red Hat Ansible Automation Platform
Affected Vendors
- Red Hat