Vulnerabilites related to Red Hat - Red Hat Ansible Automation Platform 2.5 for RHEL 9
cve-2024-11483
Vulnerability from cvelistv5
Published
2024-11-25 03:54
Modified
2024-12-18 03:58
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11483 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2327579 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44 |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ v2024.10.17 |
|||||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11483", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:15:47.886009Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:15:57.221Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/django-ansible-base", defaultStatus: "unaffected", packageName: "django-ansible-base", versions: [ { lessThanOrEqual: "v2024.10.17", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20241218-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20241218-1.el9ap", versionType: "rpm", }, ], }, ], datePublic: "2024-11-20T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T03:58:12.673Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:11145", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11145", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11483", }, { name: "RHBZ#2327579", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327579", }, { url: "https://github.com/ansible/django-ansible-base/commit/845b3e1838cc0762a7f9f3e0379c5274519d9a44", }, ], timeline: [ { lang: "en", time: "2024-11-20T08:03:10.145000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-20T00:00:00+00:00", value: "Made public.", }, ], title: "Automation-gateway: improper scope handling in oauth2 tokens for aap 2.5", x_redhatCweChain: "CWE-284: Improper Access Control", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11483", datePublished: "2024-11-25T03:54:34.342Z", dateReserved: "2024-11-20T08:09:27.275Z", dateUpdated: "2024-12-18T03:58:12.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-10033
Vulnerability from cvelistv5
Published
2024-10-16 16:59
Modified
2025-03-26 04:19
Severity ?
EPSS score ?
Summary
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:8534 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-10033 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2319162 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
|||||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-10033", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-16T17:37:00.293002Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-16T17:56:50.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "unaffected", packageName: "aap-gateway", versions: [ { lessThan: "2.5.3", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.3-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.3-1.el9ap", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "This issue was discovered by Rick Elrod (Red Hat).", }, ], datePublic: "2024-10-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T04:19:11.949Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:8534", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8534", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-10033", }, { name: "RHBZ#2319162", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319162", }, ], timeline: [ { lang: "en", time: "2024-10-16T13:44:08.666000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-16T00:00:00+00:00", value: "Made public.", }, ], title: "Aap-gateway: xss on aap-gateway", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-10033", datePublished: "2024-10-16T16:59:43.968Z", dateReserved: "2024-10-16T13:48:55.226Z", dateUpdated: "2025-03-26T04:19:11.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8775
Vulnerability from cvelistv5
Published
2024-09-14 02:15
Modified
2025-03-14 14:43
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10762 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8969 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9894 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1249 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-8775 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2312119 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-jpxc-vmjf-9fcj |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 1.0.0 ≤ 2.17.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8775", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-16T14:21:23.423396Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-16T14:29:01.960Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "unaffected", packageName: "ansible-core", versions: [ { lessThanOrEqual: "2.17.4", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2.0-91", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.0.1-95", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-29-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.9.27-32", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.17.6-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.17.6-2", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/o:redhat:discovery:1.0::el9", ], defaultStatus: "affected", packageName: "discovery/discovery-server-rhel9", product: "Discovery 1 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.12.0-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/o:redhat:discovery:1.0::el9", ], defaultStatus: "affected", packageName: "discovery/discovery-ui-rhel9", product: "Discovery 1 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.12.0-1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.15.13-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.15.13-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.13-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.13-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux_ai:1", ], defaultStatus: "affected", packageName: "rhelai1/bootc-nvidia-rhel9", product: "Red Hat Enterprise Linux AI (RHEL AI)", vendor: "Red Hat", }, ], datePublic: "2024-09-13T08:35:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T14:43:44.402Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10762", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10762", }, { name: "RHSA-2024:8969", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8969", }, { name: "RHSA-2024:9894", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9894", }, { name: "RHSA-2025:1249", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1249", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-8775", }, { name: "RHBZ#2312119", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312119", }, { url: "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj", }, ], timeline: [ { lang: "en", time: "2024-09-13T08:31:27.781000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-13T08:35:00+00:00", value: "Made public.", }, ], title: "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-532: Insertion of Sensitive Information into Log File", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-8775", datePublished: "2024-09-14T02:15:14.907Z", dateReserved: "2024-09-13T09:06:07.367Z", dateUpdated: "2025-03-14T14:43:44.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1801
Vulnerability from cvelistv5
Published
2025-03-03 15:03
Modified
2025-03-03 15:16
Severity ?
EPSS score ?
Summary
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:1954 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2025-1801 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2349081 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
Unaffected: 0:2.5.20250305-1.el8ap < * cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform:2.5::el8 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1801", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-03T15:16:01.168075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-03T15:16:20.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20250305-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", ], defaultStatus: "affected", packageName: "automation-gateway", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.5.20250305-1.el9ap", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "This issue was discovered by Chris Meyers (Red Hat) and Elijah DeLee (Red Hat).", }, ], datePublic: "2025-03-01T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T15:03:15.439Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:1954", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1954", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-1801", }, { name: "RHBZ#2349081", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2349081", }, ], timeline: [ { lang: "en", time: "2025-02-28T20:34:52.617000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-03-01T00:00:00+00:00", value: "Made public.", }, ], title: "Aap-gateway: aap-gateway privilege escalation", workarounds: [ { lang: "en", value: "Follow the mitigation steps to avoid the flaw from happening. It is recommended to update the product after the fix is available.\n\n\n1) set GRPC_SERVER_MAX_THREADS_PER_PROCESS = 1\n\nThis mitigates problems going FORWARD for the issue because there is only one thread using the ExternalAuth() object instantiated by the parent process. This eliminates the thread safety risk as the worker only processes one request at a time.\n\n2) It is possible that at any time since the install/upgrade of AAP 2.5, that long lived Oauth tokens created in the components with the endpoints could implicate long term access to a different user's identity/privileges. Requests made with these tokens will appear to be from the user for which they were created and are indistinguishable from “valid” tokens that were created by the correct user:\n\n/api/controller/v2/tokens/\n/api/controller/v2/applications/<id>/tokens/\n/api/galaxy/v3/auth/token/\n/api/controller/o/token/\n\nBecause it is likely not feasible to back trace every request that could have generated a token to its original request in the GRPC server, the most conservative and safe path to mitigate this risk would be to invalidate/revoke all existing oauth tokens in the components (hub, controller, eda).", }, ], x_redhatCweChain: "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-1801", datePublished: "2025-03-03T15:03:15.439Z", dateReserved: "2025-02-28T20:42:32.553Z", dateUpdated: "2025-03-03T15:16:20.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9902
Vulnerability from cvelistv5
Published
2024-11-06 09:56
Modified
2025-02-25 20:05
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10762 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:8969 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9894 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:1861 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-9902 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2318271 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 < 2.14.18rc1 Version: 2.15.0b1 < 2.15.13rc1 Version: 2.16.0b1 < 2.16.13rc1 Version: 2.17.0b1 < 2.17.6rc1 Version: 2.18.0b1 < 2.18.0rc2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9902", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T14:20:56.915379Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-06T14:21:06.565Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "unaffected", packageName: "ansible-core", versions: [ { lessThan: "2.14.18rc1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2.15.13rc1", status: "affected", version: "2.15.0b1", versionType: "custom", }, { lessThan: "2.16.13rc1", status: "affected", version: "2.16.0b1", versionType: "custom", }, { lessThan: "2.17.6rc1", status: "affected", version: "2.17.0b1", versionType: "custom", }, { lessThan: "2.18.0rc2", status: "affected", version: "2.18.0b1", versionType: "custom", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2.0-91", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.0.1-95", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-29-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.9.27-32", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.18.0-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.16.13-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.15.13-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.4 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.15.13-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.13-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.13-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openstack:17.1::el9", ], defaultStatus: "affected", packageName: "openstack-ansible-core", product: "Red Hat OpenStack Platform 17.1 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.14.2-4.6.el9ost", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Matt Clay for reporting this issue.", }, ], datePublic: "2024-11-06T06:11:25.611Z", descriptions: [ { lang: "en", value: "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T20:05:07.738Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10762", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10762", }, { name: "RHSA-2024:8969", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8969", }, { name: "RHSA-2024:9894", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9894", }, { name: "RHSA-2025:1861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1861", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9902", }, { name: "RHBZ#2318271", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318271", }, ], timeline: [ { lang: "en", time: "2024-10-12T02:41:32.581000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-06T06:11:25.611000+00:00", value: "Made public.", }, ], title: "Ansible-core: ansible-core user may read/write unauthorized content", workarounds: [ { lang: "en", value: "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent", }, ], x_redhatCweChain: "CWE-863: Incorrect Authorization", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9902", datePublished: "2024-11-06T09:56:54.505Z", dateReserved: "2024-10-12T02:46:57.580Z", dateUpdated: "2025-02-25T20:05:07.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11079
Vulnerability from cvelistv5
Published
2024-11-11 23:32
Modified
2025-03-14 11:37
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:10770 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:11145 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11079 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2325171 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 2.18.0 |
||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11079", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T14:41:52.352926Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T14:42:14.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/ansible/ansible", defaultStatus: "unaffected", packageName: "ansible-core", versions: [ { lessThanOrEqual: "2.18.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2.0-93", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ansible-builder-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3.0.1-108", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-29-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.9.27-34", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel8", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.14.13-23", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:ee::el8", "cpe:/a:redhat:ansible_automation_platform:ee::el9", ], defaultStatus: "affected", packageName: "ansible-automation-platform/ee-minimal-rhel9", product: "Ansible Automation Platform Execution Environments", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2.15.13-4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.14-1.el8ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", ], defaultStatus: "affected", packageName: "ansible-core", product: "Red Hat Ansible Automation Platform 2.5 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.16.14-1.el9ap", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux_ai:1", ], defaultStatus: "affected", packageName: "rhelai1/bootc-azure-nvidia-rhel9", product: "Red Hat Enterprise Linux AI (RHEL AI)", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux_ai:1", ], defaultStatus: "affected", packageName: "rhelai1/bootc-nvidia-rhel9", product: "Red Hat Enterprise Linux AI (RHEL AI)", vendor: "Red Hat", }, ], datePublic: "2024-11-11T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T11:37:35.688Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10770", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10770", }, { name: "RHSA-2024:11145", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11145", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11079", }, { name: "RHBZ#2325171", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325171", }, ], timeline: [ { lang: "en", time: "2024-11-11T11:43:42.603000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-11T00:00:00+00:00", value: "Made public.", }, ], title: "Ansible-core: unsafe tagging bypass via hostvars object in ansible-core", workarounds: [ { lang: "en", value: "To mitigate this vulnerability, avoid using the hostvars object to reference content marked as !unsafe. Ensure that all remote data from modules or lookups is properly sanitized and validated before use in playbooks. Additionally, restrict access to inventory files and Ansible playbooks to trusted users to minimize exploitation risks.", }, ], x_redhatCweChain: "CWE-20: Improper Input Validation", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11079", datePublished: "2024-11-11T23:32:55.539Z", dateReserved: "2024-11-11T11:57:21.806Z", dateUpdated: "2025-03-14T11:37:35.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }