- Description: A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 5
- Impact score: 1.4
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
- Severity: MEDIUM
- secalert@redhat.com: CWE-284
- Hype score: Not currently trending
CVE-2024-11483 Security vulnerability in Ansible Automation Platform https://t.co/OCwBbzJXam
@PiotrW_CCIE
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) - A high-severity vulnerability in Ansible nan. Affects specific versions. Ensure you're on the latest release to mitigate risks. Check the remediation details here: https://t.co/SQwtJKlsP5 #CyberSecurity #Ansible
@transilienceai
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) - A high-severity vulnerability in Ansible nan. Affected versions can be exploited. For remediation, check the fix in the commit: [GitHub Link](https://t.co/SQwtJKlsP5). Stay secure! 🔒 #CyberSecurity #Ansible
@transilienceai
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) - A high-severity vulnerability in Ansible nan affects specific versions. Users are urged to update to the latest release to mitigate risks. For more details, check the commit: https://t.co/SQwtJKlsP5 #CyberSecurity #Ansible
@transilienceai
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) - A high-severity vulnerability in Ansible nan affects specific versions. Users are urged to update to the latest release to mitigate risks. For details, check the commit: https://t.co/SQwtJKlsP5 #CyberSecurity #Ansible
@transilienceai
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) - A moderate vulnerability affecting Red Hat products. Ensure your systems are updated to the latest versions to mitigate risks. For detailed remediation steps, visit: https://t.co/itcFMJnKW3. Stay secure! 🔒 #CyberSecurity #RedHat
@transilienceai
27 Nov 2024
🚨 CVE-2024-11483 (Published: 2024-11-25) affects Red Hat products. This moderate vulnerability impacts specific versions. To safeguard your systems, ensure you apply the latest patches and updates. For detailed remediation steps, visit: https://t.co/itcFMJnKW3 #CyberSecurity… ht
@transilienceai
27 Nov 2024
CVE-2024-11483 A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 toke… https://t.co/fNowmaYdwM
@CVEnew
25 Nov 2024