Medium severity5.0OSV Advisory· Published Nov 25, 2024· Updated Apr 15, 2026
CVE-2024-11483
CVE-2024-11483
Description
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2024.1.31, 2024.10.17, 2024.2.12, …
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.