CVE-2024-11483

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-11483
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11483.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-11483
Related
Published
2024-11-25T04:15:03Z
Modified
2025-01-15T05:04:39.223972Z
Summary
[none]
Details

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.

References

Affected packages

Git / github.com/ansible/django-ansible-base

Affected ranges

Type
GIT
Repo
https://github.com/ansible/django-ansible-base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2024.*

2024.1.31
2024.10.17
2024.2.12
2024.4.12
2024.4.15
2024.4.18
2024.4.23
2024.4.25
2024.5.1
2024.5.16
2024.5.17
2024.5.18
2024.5.23
2024.5.31
2024.5.6
2024.6.11
2024.6.26
2024.6.6
2024.6.8
2024.7.1
2024.7.17
2024.8.1
2024.8.19
2024.8.22
2024.8.26
2024.8.28
2024.8.8
2024.8.9
2024.9.4