Bug 2327579 (CVE-2024-11483)

Summary: CVE-2024-11483 automation-gateway: aap-gateway: Improper Scope Handling in OAuth2 Tokens for AAP 2.5
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: brking, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, kegrant, koliveir, kshier, mabashia, pbraun, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2024-11-20 08:11:31 UTC
The vulnerability allows a user to bypass OAuth2 scope restrictions on their tokens, escalating from read to write permissions. However, the impact is constrained by the user’s base permissions. Exploitation could be mitigated by following security best practices, such as limiting token privileges and minimizing the use of superuser tokens. The issue is moderate in severity because it only affects resource integrity within the same security context.
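The class of flaw described above (a token that is authenticated but whose scope is never compared against what the request does) is easiest to see beside the check that closes it. The following is an added illustration written for this page, not code from ansible_base.oauth2_provider or from the fix shipped in the errata. It assumes a token carries a space-separated scope string using the `read` and `write` scope names the advisory refers to, maps HTTP methods to the scope they require, and runs a constructed access-log sample through a detector that flags successful write requests made with a read-only token. The `Token` class, the API paths in the log, and the log format are all hypothetical.

```python
"""Scope enforcement for OAuth2 bearer tokens, illustrating the class of flaw
in CVE-2024-11483. Constructed example; not the project's own code."""
from dataclasses import dataclass

# HTTP methods that do not modify state (the REST "safe methods" set).
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


@dataclass(frozen=True)
class Token:
    """Hypothetical token record: scopes granted at issuance and validity."""
    scope: str            # space-separated, e.g. "read" or "read write"
    is_valid: bool = True


def required_scope(method: str) -> str:
    """A safe method needs only 'read'; anything else changes state."""
    return "read" if method.upper() in SAFE_METHODS else "write"


def allows_without_scope_check(token: Token, method: str) -> bool:
    """Weak check: confirms the token is valid but ignores its scope, so a
    read-scoped token is accepted for PATCH/POST/DELETE as well as GET."""
    return token.is_valid


def allows_with_scope_check(token: Token, method: str) -> bool:
    """Corrected check: the token must be valid AND carry a scope sufficient
    for the method. 'write' implies 'read'; 'read' never implies 'write'."""
    if not token.is_valid:
        return False
    granted = set(token.scope.split())
    if required_scope(method) == "read":
        return bool(granted & {"read", "write"})
    return "write" in granted


# Constructed access-log sample (method path scope status); paths are made up.
SAMPLE_LOG = """\
GET /api/gateway/v1/users/ scope=read 200
PATCH /api/gateway/v1/users/7/ scope=read 200
POST /api/gateway/v1/teams/ scope=read 201
DELETE /api/gateway/v1/teams/3/ scope=write 204
GET /api/gateway/v1/teams/ scope=read 200
"""


def find_scope_violations(log_text: str) -> list:
    """Flag successful (2xx) state-changing requests authorised by a token
    whose scope lacked 'write'. Any hit means the scope check was not
    enforced for that endpoint and is worth reviewing."""
    hits = []
    for line in log_text.splitlines():
        method, path, scope_field, status = line.split()
        scope = scope_field.split("=", 1)[1]
        granted = set(scope.split())
        if (required_scope(method) == "write"
                and "write" not in granted
                and status.startswith("2")):
            hits.append((method, path, scope))
    return hits


if __name__ == "__main__":
    read_only = Token("read")
    for method in ("GET", "PATCH"):
        print(method, "weak:", allows_without_scope_check(read_only, method),
              "scoped:", allows_with_scope_check(read_only, method))
    for hit in find_scope_violations(SAMPLE_LOG):
        print("scope bypass candidate:", hit)
```

The detector is deliberately conservative: it only reports requests that both changed state and succeeded, because a 403 on a write attempt with a read token is the scope check working as intended.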

Comment 3 Abhishek Raj 2024-11-20 08:29:11 UTC
Severity Description: Moderate

This vulnerability allows users to escalate their permissions from read to write, bypassing OAuth2 scope restrictions. However, the impact is limited to actions within the user’s existing permissions and does not expose sensitive data or disrupt system availability. Proper security practices, such as minimizing high-privilege token usage, can effectively mitigate the risk. While the issue requires remediation, it poses a moderate threat with manageable impact.

Comment 4 errata-xmlrpc 2024-12-16 18:52:54 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2024:11145 https://access.redhat.com/errata/RHSA-2024:11145