The vulnerability allows a user to bypass OAuth2 scope restrictions on their tokens, escalating from read to write permissions. However, the impact is constrained by the user’s base permissions. Exploitation could be mitigated by following security best practices, such as limiting token privileges and minimizing the use of superuser tokens. The issue is moderate in severity because it only affects resource integrity within the same security context.
Severity Description: Moderate This vulnerability allows users to escalate their permissions from read to write, bypassing OAuth2 scope restrictions. However, the impact is limited to actions within the user’s existing permissions and does not expose sensitive data or disrupt system availability. Proper security practices, such as minimizing high-privilege token usage, can effectively mitigate the risk. While the issue requires remediation, it poses a moderate threat with manageable impact.
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.5 for RHEL 8 Red Hat Ansible Automation Platform 2.5 for RHEL 9 Via RHSA-2024:11145 https://access.redhat.com/errata/RHSA-2024:11145