5
CVE-2024-11483
- EPSS 0.08%
- Veröffentlicht 25.11.2024 04:15:03
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/ansible/django-ansible-base
≫
Paket
django-ansible-base
Default Statusunaffected
Version <=
v2024.10.17
Version
0
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version
0:2.5.20241218-1.el8ap
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version
0:2.5.20241218-1.el9ap
Version <
*
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.232 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5 | 3.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.