3 changes (1 new | 2 updated):
      - 1 new CVEs:  CVE-2024-11483
      - 2 updated CVEs: CVE-2024-2467, CVE-2024-9355
cvelistV5 Github Action committed Nov 25, 2024
1 parent a2fb612 commit 3771687
Showing 5 changed files with 159 additions and 73 deletions.
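--- a/cves/2024/11xxx/CVE-2024-11483.json
+++ b/cves/2024/11xxx/CVE-2024-11483.json
@@ -0,0 +1,115 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-11483",
+"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+"state": "PUBLISHED",
+"assignerShortName": "redhat",
+"dateReserved": "2024-11-20T08:09:27.275Z",
+"datePublished": "2024-11-25T03:54:34.342Z",
+"dateUpdated": "2024-11-25T03:54:34.342Z"
+},
+"containers": {
+"cna": {
+"title": "Automation-gateway: improper scope handling in oauth2 tokens for aap 2.5",
+"metrics": [
+{
+"other": {
+"content": {
+"value": "Moderate",
+"namespace": "https://access.redhat.com/security/updates/classification/"
+},
+"type": "Red Hat severity rating"
+}
+},
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "NONE",
+"baseScore": 5,
+"baseSeverity": "MEDIUM",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"privilegesRequired": "LOW",
+"scope": "CHANGED",
+"userInteraction": "NONE",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+"version": "3.1"
+},
+"format": "CVSS"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services."
+}
+],
+"affected": [
+{
+"vendor": "Red Hat",
+"product": "Red Hat Ansible Automation Platform 2",
+"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
+"packageName": "automation-gateway",
+"defaultStatus": "affected",
+"cpes": [
+"cpe:/a:redhat:ansible_automation_platform:2"
+]
+}
+],
+"references": [
+{
+"url": "https://access.redhat.com/security/cve/CVE-2024-11483",
+"tags": [
+"vdb-entry",
+"x_refsource_REDHAT"
+]
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327579",
+"name": "RHBZ#2327579",
+"tags": [
+"issue-tracking",
+"x_refsource_REDHAT"
+]
+},
+{
+"url": "https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44"
+}
+],
+"datePublic": "2024-11-20T00:00:00+00:00",
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-284",
+"description": "Improper Access Control",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"x_redhatCweChain": "CWE-284: Improper Access Control",
+"timeline": [
+{
+"lang": "en",
+"time": "2024-11-20T08:03:10.145000+00:00",
+"value": "Reported to Red Hat."
+},
+{
+"lang": "en",
+"time": "2024-11-20T00:00:00+00:00",
+"value": "Made public."
+}
+],
+"providerMetadata": {
+"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
+"shortName": "redhat",
+"dateUpdated": "2024-11-25T03:54:34.342Z"
+}
+}
+}
+}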
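Review bot: The `affected` entry sets `"defaultStatus": "affected"` with no `versions` array, and its CPE `cpe:/a:redhat:ansible_automation_platform:2` covers the whole 2.x line although the title scopes the flaw to AAP 2.5, so a scanner matching on this record cannot separate fixed builds from vulnerable ones. Once fixed builds are known, a `versions` entry carrying `"status": "unaffected"` would close that gap; until then consumers have to take the fixed version from the Red Hat CVE page listed under `references`. The third reference (the django-ansible-base commit) carries no tags; if it is the fix, which the record does not state, `"tags": ["patch"]` would let tooling find it. In `timeline`, "Made public." (00:00:00) predates "Reported to Red Hat." (08:03:10) on the same day, which looks like a date-only value padded to midnight rather than the real order, so the two entries should not be used to derive a disclosure interval.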
4 changes: 2 additions & 2 deletions cves/2024/2xxx/CVE-2024-2467.json
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "redhat",
"dateReserved": "2024-03-14T17:31:30.419Z",
"datePublished": "2024-04-25T16:45:02.948Z",
"dateUpdated": "2024-09-18T15:58:16.449Z"
"dateUpdated": "2024-11-25T03:59:50.725Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -158,7 +158,7 @@
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2024-09-17T14:32:57.951Z"
"dateUpdated": "2024-11-25T03:59:50.725Z"
}
},
"adp": [
4 changes: 2 additions & 2 deletions cves/2024/9xxx/CVE-2024-9355.json
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "redhat",
"dateReserved": "2024-09-30T17:07:30.833Z",
"datePublished": "2024-10-01T18:17:29.420Z",
"dateUpdated": "2024-11-24T23:03:04.610Z"
"dateUpdated": "2024-11-25T03:54:36.483Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -1249,7 +1249,7 @@
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2024-11-24T23:03:04.610Z"
"dateUpdated": "2024-11-25T03:54:36.483Z"
}
},
"adp": [
26 changes: 13 additions & 13 deletions cves/delta.json
@@ -1,26 +1,26 @@
{
"fetchTime": "2024-11-25T03:40:44.292Z",
"fetchTime": "2024-11-25T03:59:59.631Z",
"numberOfChanges": 3,
"new": [
{
"cveId": "CVE-2024-11653",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11653",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11653.json",
"dateUpdated": "2024-11-25T03:31:30.271Z"
"cveId": "CVE-2024-11483",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11483",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11483.json",
"dateUpdated": "2024-11-25T03:54:34.342Z"
}
],
"updated": [
{
"cveId": "CVE-2024-6508",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6508",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6508.json",
"dateUpdated": "2024-11-25T03:36:08.943Z"
"cveId": "CVE-2024-2467",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2467",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2467.json",
"dateUpdated": "2024-11-25T03:59:50.725Z"
},
{
"cveId": "CVE-2024-7409",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-7409",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/7xxx/CVE-2024-7409.json",
"dateUpdated": "2024-11-25T03:36:49.269Z"
"cveId": "CVE-2024-9355",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9355",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9355.json",
"dateUpdated": "2024-11-25T03:54:36.483Z"
}
],
"error": []
83 changes: 27 additions & 56 deletions cves/deltaLog.json
@@ -1,4 +1,31 @@
[
{
"fetchTime": "2024-11-25T03:59:59.631Z",
"numberOfChanges": 3,
"new": [
{
"cveId": "CVE-2024-11483",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11483",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11483.json",
"dateUpdated": "2024-11-25T03:54:34.342Z"
}
],
"updated": [
{
"cveId": "CVE-2024-2467",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2467",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2467.json",
"dateUpdated": "2024-11-25T03:59:50.725Z"
},
{
"cveId": "CVE-2024-9355",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9355",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9355.json",
"dateUpdated": "2024-11-25T03:54:36.483Z"
}
],
"error": []
},
{
"fetchTime": "2024-11-25T03:40:44.292Z",
"numberOfChanges": 3,
Expand Down Expand Up @@ -149102,61 +149129,5 @@
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-10-26T03:59:40.261Z",
"numberOfChanges": 8,
"new": [],
"updated": [
{
"cveId": "CVE-2024-20275",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20275",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20275.json",
"dateUpdated": "2024-10-26T03:55:31.187Z"
},
{
"cveId": "CVE-2024-20329",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20329",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20329.json",
"dateUpdated": "2024-10-26T03:55:27.248Z"
},
{
"cveId": "CVE-2024-20370",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20370",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20370.json",
"dateUpdated": "2024-10-26T03:55:33.801Z"
},
{
"cveId": "CVE-2024-20374",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20374",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20374.json",
"dateUpdated": "2024-10-26T03:55:32.499Z"
},
{
"cveId": "CVE-2024-20412",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20412",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20412.json",
"dateUpdated": "2024-10-26T03:55:24.066Z"
},
{
"cveId": "CVE-2024-20424",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20424",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20424.json",
"dateUpdated": "2024-10-26T03:55:25.923Z"
},
{
"cveId": "CVE-2024-20482",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20482",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20482.json",
"dateUpdated": "2024-10-26T03:55:29.925Z"
},
{
"cveId": "CVE-2024-20485",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20485",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20485.json",
"dateUpdated": "2024-10-26T03:55:28.678Z"
}
],
"error": []
}
]
