ByteOS Network

NVD Vulnerability Details :

CVE-2024-11483

Awaiting Analysis

Source-secalert@redhat.com

Published At-25 Nov, 2024 | 04:15

Updated At-18 Dec, 2024 | 04:15

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.0	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-284	Secondary	secalert@redhat.com

CWE ID: CWE-284

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2024:11145	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/CVE-2024-11483	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2327579	secalert@redhat.com	N/A
https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44	secalert@redhat.com	N/A