← back
CVE-2024-6840

Automation-controller: gain access to the k8s api server via job execution with container group

CVSS 6.6 MEDIUMEPSS 0.4%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
12 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
Affected products
automation-controllerRed Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 9

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2024:6428https://access.redhat.com/security/cve/CVE-2024-6840https://bugzilla.redhat.com/show_bug.cgi?id=2298492