PT-2024-17021 · Red Hat · Ansible, Ansible Automation Platform

Published 2024-11-20 · Updated 2024-12-18 · CVE-2024-11483

CVSS v3.1: 5.0 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform (AAP) (affected versions not specified); Ansible (affected versions not specified)
Description: A vulnerability was found in the Ansible Automation Platform (AAP) and Ansible that allows an authenticated attacker to escalate privileges by using a read-scoped OAuth2 token to perform write operations. The issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication: the token is authenticated, but its scope is not enforced against the HTTP method of the request. The impact is limited to actions already within the token owner's assigned permissions (role-based access control still applies), but it defeats scoped access control, so a token issued for read-only access can make unintended modifications in the application and in services that consume its API.
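The following is an added illustration of the bug class described above, not code from Ansible, AAP or django-ansible-base. It models an API permission check in two forms: a weak check that only verifies the token is valid (so a token carrying only the "read" scope passes for POST/PUT/PATCH/DELETE), and a hardened check that maps scopes to HTTP methods and fails closed. The Token class, the scope names "read" and "write", and the function names are assumptions made for the example.

```python
"""
Illustrative OAuth2 scope enforcement for a REST API.

Added example; not code from Ansible, AAP or ansible_base.oauth2_provider.
It demonstrates the failure mode of CVE-2024-11483 (a read-scoped token
accepted on a write request) beside a scope-aware check.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet

# RFC 9110 "safe" methods never modify server state; everything else is a write.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


@dataclass(frozen=True)
class Token:
    """Hypothetical access token: opaque value plus a space-separated scope string."""
    value: str
    scope: str            # e.g. "read", "write", "read write"
    expired: bool = False

    def scopes(self) -> FrozenSet[str]:
        return frozenset(s.lower() for s in self.scope.split())


def vulnerable_is_authorized(token: Token, method: str) -> bool:
    """Weak check: authenticates the token but never looks at its scope.

    A valid read-only token is therefore accepted for PATCH/DELETE as well as GET.
    RBAC on the endpoint still applies, which is why the impact is bounded by
    the user's own permissions rather than by the token's intended scope.
    """
    return not token.expired


def hardened_is_authorized(token: Token, method: str) -> bool:
    """Scope-aware check.

    "read" grants only safe methods; "write" grants safe and write methods.
    Expired tokens, empty scopes and unexpected methods are all denied.
    """
    if token.expired:
        return False
    method = method.upper()
    scopes = token.scopes()
    if method in SAFE_METHODS:
        return bool(scopes & {"read", "write"})
    if method in WRITE_METHODS:
        return "write" in scopes
    return False  # TRACE, CONNECT or anything unexpected: fail closed


def compare(token: Token, method: str) -> Dict[str, bool]:
    """Run both checks on the same request so the difference is visible."""
    return {
        "vulnerable": vulnerable_is_authorized(token, method),
        "hardened": hardened_is_authorized(token, method),
    }


if __name__ == "__main__":
    read_only = Token("tok-read-1", "read")  # constructed sample token
    for m in ("GET", "PATCH", "DELETE"):
        print(f"{m:6} read-scoped token -> {compare(read_only, m)}")
```

The scope check is a layer on top of the endpoint's normal authorization, not a replacement for it: a write-scoped token still only reaches what its owner's roles permit, and a read-scoped token must be rejected before the endpoint's RBAC is even consulted.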
Recommendations: This entry does not name a fixed version. Red Hat has published security advisory RHSA-2024:11145 for this CVE (listed under Related Identifiers); consult it for the patched packages. Until patched, treat read-scoped OAuth2 tokens as equivalent to full-access tokens for the issuing user and restrict their issuance and lifetime accordingly.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2025-01646
CVE-2024-11483
RHSA-2024:11145

Affected Products

Ansible
Ansible Automation Platform