CVE-2024-6840

MEDIUM Year: 2024
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.

Related Vulnerabilities

CVE-2015-10033

MEDIUM
CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. T...

CWE-2852015

CVE-2017-0896

MEDIUM
CVSS:6.5(Medium)

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite oth...

CWE-2852017

CVE-2017-0927

MEDIUM
CVSS:6.5(Medium)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

CWE-2852017

CVE-2017-2686

MEDIUM
CVSS:6.5(Medium)

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informati...

CWE-2852017