CVE-2024-6840

2024-09-1217:15:05

CWE-285

redhat

web.nvd.nist.gov

authorization

ansible

privilegeescalation

k8s

apiserver

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

EPSS

Percentile

16.3%

JSON

An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via automountServiceAccountToken: true, resulting in privilege escalation to a service account.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "automation-controller",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.5.10-1.el8ap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "automation-controller",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.5.10-1.el9ap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
      "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
      "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
    ]
  }
]