All the vulnerabilites related to Red Hat - Red Hat Ansible Automation Platform 2.5 for RHEL 9
cve-2024-11483
Vulnerability from cvelistv5
Published
2024-11-25 03:54
Modified
2025-04-02 06:03
Severity ?
EPSS score ?
Summary
Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11483 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2327579 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44 |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:15:47.886009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:15:57.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/django-ansible-base",
"defaultStatus": "unaffected",
"packageName": "django-ansible-base",
"versions": [
{
"lessThanOrEqual": "v2024.10.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.20241218-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.20241218-1.el9ap",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank David Newswanger (RedHat) and Rick Elrod (RedHat) for reporting this issue."
}
],
"datePublic": "2024-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user\u2019s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T06:03:20.689Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:11145",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11145"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-11483"
},
{
"name": "RHBZ#2327579",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327579"
},
{
"url": "https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T08:03:10.145000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5",
"x_redhatCweChain": "CWE-284: Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-11483",
"datePublished": "2024-11-25T03:54:34.342Z",
"dateReserved": "2024-11-20T08:09:27.275Z",
"dateUpdated": "2025-04-02T06:03:20.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10033
Vulnerability from cvelistv5
Published
2024-10-16 16:59
Modified
2025-03-26 04:19
Severity ?
EPSS score ?
Summary
Aap-gateway: xss on aap-gateway
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:8534 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-10033 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2319162 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:37:00.293002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T17:56:50.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "aap-gateway",
"versions": [
{
"lessThan": "2.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.3-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.3-1.el9ap",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Rick Elrod (Red Hat)."
}
],
"datePublic": "2024-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T04:19:11.949Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:8534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10033"
},
{
"name": "RHBZ#2319162",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-16T13:44:08.666000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Aap-gateway: xss on aap-gateway",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-10033",
"datePublished": "2024-10-16T16:59:43.968Z",
"dateReserved": "2024-10-16T13:48:55.226Z",
"dateUpdated": "2025-03-26T04:19:11.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-2877
Vulnerability from cvelistv5
Published
2025-03-28 14:05
Modified
2025-05-22 21:14
Severity ?
EPSS score ?
Summary
Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:3636 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:3637 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2025-2877 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2355540 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:31:03.979042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:31:12.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible-rulebook",
"defaultStatus": "unaffected",
"packageName": "ansible-rulebook",
"versions": [
{
"lessThan": "1.1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-rulebook",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.8-2.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-rulebook",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.8-2.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-rulebook",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.4-2.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-rulebook",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.4-2.el9ap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible Automation Platform\u0027s Event-Driven Ansible. In configurations where verbosity is set to \"debug\", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any \"debug\" action in a rulebook and also affects Event Streams."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1295",
"description": "Debug Messages Revealing Unnecessary Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T21:14:10.214Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:3636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3636"
},
{
"name": "RHSA-2025:3637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3637"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-2877"
},
{
"name": "RHBZ#2355540",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355540"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-27T16:59:44.171000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-03-25T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-1295: Debug Messages Revealing Unnecessary Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-2877",
"datePublished": "2025-03-28T14:05:18.308Z",
"dateReserved": "2025-03-27T17:06:26.480Z",
"dateUpdated": "2025-05-22T21:14:10.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8775
Vulnerability from cvelistv5
Published
2024-09-14 02:15
Modified
2025-03-14 14:43
Severity ?
EPSS score ?
Summary
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10762 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8969 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9894 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1249 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-8775 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2312119 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-jpxc-vmjf-9fcj |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:21:23.423396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:29:01.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "ansible-core",
"versions": [
{
"lessThanOrEqual": "2.17.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.2.0-91",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.0.1-95",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-29-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.9.27-32",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.17.6-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.17.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/o:redhat:discovery:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Discovery 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12.0-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/o:redhat:discovery:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Discovery 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12.0-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
],
"defaultStatus": "affected",
"packageName": "rhelai1/bootc-nvidia-rhel9",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"vendor": "Red Hat"
}
],
"datePublic": "2024-09-13T08:35:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T14:43:44.402Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"name": "RHSA-2024:8969",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8969"
},
{
"name": "RHSA-2024:9894",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9894"
},
{
"name": "RHSA-2025:1249",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1249"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-8775"
},
{
"name": "RHBZ#2312119",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
},
{
"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-13T08:31:27.781000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-09-13T08:35:00+00:00",
"value": "Made public."
}
],
"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-8775",
"datePublished": "2024-09-14T02:15:14.907Z",
"dateReserved": "2024-09-13T09:06:07.367Z",
"dateUpdated": "2025-03-14T14:43:44.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11079
Vulnerability from cvelistv5
Published
2024-11-11 23:32
Modified
2025-03-14 11:37
Severity ?
EPSS score ?
Summary
Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10770 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11079 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2325171 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:41:52.352926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:42:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "ansible-core",
"versions": [
{
"lessThanOrEqual": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el8",
"cpe:/a:redhat:ansible_automation_platform:ee::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.2.0-93",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el8",
"cpe:/a:redhat:ansible_automation_platform:ee::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.0.1-108",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el8",
"cpe:/a:redhat:ansible_automation_platform:ee::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-29-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.9.27-34",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el8",
"cpe:/a:redhat:ansible_automation_platform:ee::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.14.13-23",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el8",
"cpe:/a:redhat:ansible_automation_platform:ee::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.15.13-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.14-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.14-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
],
"defaultStatus": "affected",
"packageName": "rhelai1/bootc-azure-nvidia-rhel9",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
],
"defaultStatus": "affected",
"packageName": "rhelai1/bootc-nvidia-rhel9",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"vendor": "Red Hat"
}
],
"datePublic": "2024-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T11:37:35.688Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10770",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10770"
},
{
"name": "RHSA-2024:11145",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11145"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-11079"
},
{
"name": "RHBZ#2325171",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325171"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-11T11:43:42.603000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-11T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ansible-core: unsafe tagging bypass via hostvars object in ansible-core",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, avoid using the hostvars object to reference content marked as !unsafe. Ensure that all remote data from modules or lookups is properly sanitized and validated before use in playbooks. Additionally, restrict access to inventory files and Ansible playbooks to trusted users to minimize exploitation risks."
}
],
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-11079",
"datePublished": "2024-11-11T23:32:55.539Z",
"dateReserved": "2024-11-11T11:57:21.806Z",
"dateUpdated": "2025-03-14T11:37:35.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-1801
Vulnerability from cvelistv5
Published
2025-03-03 15:03
Modified
2025-05-21 19:15
Severity ?
EPSS score ?
Summary
Aap-gateway: aap-gateway privilege escalation
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:1954 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2025-1801 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2349081 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T15:16:01.168075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T15:16:20.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://ansible.com",
"defaultStatus": "unaffected",
"packageName": "automation-gateway",
"versions": [
{
"lessThan": "2.5.20250305-1",
"status": "affected",
"version": "2.5.0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.20250305-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.20250305-1.el9ap",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chris Meyers (Red Hat) and Elijah DeLee (Red Hat)."
}
],
"datePublic": "2025-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:15:20.949Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:1954",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1954"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-1801"
},
{
"name": "RHBZ#2349081",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349081"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T20:34:52.617000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-03-01T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Aap-gateway: aap-gateway privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Follow the mitigation steps to avoid the flaw from happening. It is recommended to update the product after the fix is available.\n\n\n1) set GRPC_SERVER_MAX_THREADS_PER_PROCESS = 1\n\nThis mitigates problems going FORWARD for the issue because there is only one thread using the ExternalAuth() object instantiated by the parent process. This eliminates the thread safety risk as the worker only processes one request at a time.\n\n2) It is possible that at any time since the install/upgrade of AAP 2.5, that long lived Oauth tokens created in the components with the endpoints could implicate long term access to a different user\u0027s identity/privileges. Requests made with these tokens will appear to be from the user for which they were created and are indistinguishable from \u201cvalid\u201d tokens that were created by the correct user:\n\n/api/controller/v2/tokens/\n/api/controller/v2/applications/\u003cid\u003e/tokens/\n/api/galaxy/v3/auth/token/\n/api/controller/o/token/\n\nBecause it is likely not feasible to back trace every request that could have generated a token to its original request in the GRPC server, the most conservative and safe path to mitigate this risk would be to invalidate/revoke all existing oauth tokens in the components (hub, controller, eda)."
}
],
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-1801",
"datePublished": "2025-03-03T15:03:15.439Z",
"dateReserved": "2025-02-28T20:42:32.553Z",
"dateUpdated": "2025-05-21T19:15:20.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9902
Vulnerability from cvelistv5
Published
2024-11-06 09:56
Modified
2025-02-25 20:05
Severity ?
EPSS score ?
Summary
Ansible-core: ansible-core user may read/write unauthorized content
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10762 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8969 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9894 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1861 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-9902 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2318271 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T14:20:56.915379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:21:06.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "ansible-core",
"versions": [
{
"lessThan": "2.14.18rc1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.15.13rc1",
"status": "affected",
"version": "2.15.0b1",
"versionType": "custom"
},
{
"lessThan": "2.16.13rc1",
"status": "affected",
"version": "2.16.0b1",
"versionType": "custom"
},
{
"lessThan": "2.17.6rc1",
"status": "affected",
"version": "2.17.0b1",
"versionType": "custom"
},
{
"lessThan": "2.18.0rc2",
"status": "affected",
"version": "2.18.0b1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.2.0-91",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.0.1-95",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-29-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.9.27-32",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.18.0-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:ee::el9",
"cpe:/a:redhat:ansible_automation_platform:ee::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.16.13-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"packageName": "openstack-ansible-core",
"product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.14.2-4.6.el9ost",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Matt Clay for reporting this issue."
}
],
"datePublic": "2024-11-06T06:11:25.611Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:05:07.738Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"name": "RHSA-2024:8969",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8969"
},
{
"name": "RHSA-2024:9894",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9894"
},
{
"name": "RHSA-2025:1861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1861"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-9902"
},
{
"name": "RHBZ#2318271",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-12T02:41:32.581000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-06T06:11:25.611000+00:00",
"value": "Made public."
}
],
"title": "Ansible-core: ansible-core user may read/write unauthorized content",
"workarounds": [
{
"lang": "en",
"value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"
}
],
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-9902",
"datePublished": "2024-11-06T09:56:54.505Z",
"dateReserved": "2024-10-12T02:46:57.580Z",
"dateUpdated": "2025-02-25T20:05:07.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}