Medium severity5.0NVD Advisory· Published Nov 25, 2024· Updated Apr 15, 2026

CVE-2024-11483

Description

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.

Patches

845b3e1838cc

https://github.com/ansible/django-ansible-basevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/errata/RHSA-2024:11145nvd
access.redhat.com/security/cve/CVE-2024-11483nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44nvd

News mentions

No linked articles in our index yet.

cvss	0.325
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000