Search criteria

48 vulnerabilities found for ansible_automation_platform by redhat

CVE-2025-57847 (GCVE-0-2025-57847)

Vulnerability from nvd – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:13
VLAI?
Title
Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions
Summary
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2026-04-08 13:47
Credits
Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T15:42:54.958669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T16:13:23.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/controller-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ansible-automation-platform/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:47:09.259Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:00.729Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57847"
        },
        {
          "name": "RHBZ#2391092",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T17:29:34.376Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:47:09.259Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57847",
    "datePublished": "2026-04-08T13:55:00.729Z",
    "dateReserved": "2025-08-21T14:40:40.821Z",
    "dateUpdated": "2026-04-08T16:13:23.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9909 (GCVE-0-2025-9909)

Vulnerability from nvd – Published: 2026-02-27 07:30 – Updated: 2026-02-27 18:43
VLAI?
Title
Aap-gateway: improper path validation in gateway allows credential exfiltration
Summary
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21768 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21775 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9909 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392836 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.20251210-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.20251210-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:2.6.20251119-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T18:42:58.678456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T18:43:09.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20251210-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20251210-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.20251119-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/gateway-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/gateway-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-647",
              "description": "Use of Non-Canonical URL Paths for Authorization Decisions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:30:00.885Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21768"
        },
        {
          "name": "RHSA-2025:21775",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21775"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9909"
        },
        {
          "name": "RHBZ#2392836",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:53:49.538Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap-gateway: improper path validation in gateway allows credential exfiltration",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9909",
    "datePublished": "2026-02-27T07:30:00.885Z",
    "dateReserved": "2025-09-03T07:57:09.461Z",
    "dateUpdated": "2026-02-27T18:43:09.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9908 (GCVE-0-2025-9908)

Vulnerability from nvd – Published: 2026-02-27 07:29 – Updated: 2026-03-03 18:09
VLAI?
Title
Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
Summary
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9908 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392835 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-28T04:55:38.778174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T18:09:46.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:29:32.368Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:19201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19201"
        },
        {
          "name": "RHSA-2025:19221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19221"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9908"
        },
        {
          "name": "RHBZ#2392835",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392835"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:47:46.731Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9908",
    "datePublished": "2026-02-27T07:29:32.368Z",
    "dateReserved": "2025-09-03T07:53:14.097Z",
    "dateUpdated": "2026-03-03T18:09:46.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9907 (GCVE-0-2025-9907)

Vulnerability from nvd – Published: 2026-02-27 07:29 – Updated: 2026-02-28 04:55
VLAI?
Title
Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
Summary
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9907 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392834 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-28T04:55:39.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:29:06.070Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:19201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19201"
        },
        {
          "name": "RHSA-2025:19221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19221"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9907"
        },
        {
          "name": "RHBZ#2392834",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392834"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:28:31.788Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9907",
    "datePublished": "2026-02-27T07:29:06.070Z",
    "dateReserved": "2025-09-03T07:44:22.984Z",
    "dateUpdated": "2026-02-28T04:55:39.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53862 (GCVE-0-2025-53862)

Vulnerability from nvd – Published: 2025-07-11 12:34 – Updated: 2025-11-21 07:36
VLAI?
Title
Aap: aap-gateway: automation-hub: sensitive information disclosure
Summary
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
Severity ?
3.5 (Low)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2025-07-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:20:24.432172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:20:29.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T07:36:54.612Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-53862"
        },
        {
          "name": "RHBZ#2379359",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379359"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T18:50:55.616Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap: aap-gateway: automation-hub: sensitive information disclosure",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, there is no mitigation available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-53862",
    "datePublished": "2025-07-11T12:34:24.020Z",
    "dateReserved": "2025-07-10T19:20:35.739Z",
    "dateUpdated": "2025-11-21T07:36:54.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53861 (GCVE-0-2025-53861)

Vulnerability from nvd – Published: 2025-07-11 12:44 – Updated: 2025-11-21 07:36
VLAI?
Title
Aap: sensitive cookie(s) set without security flags
Summary
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Severity ?
3.1 (Low)
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2025-07-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:19:33.437729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:19:51.710Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T07:36:54.466Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-53861"
        },
        {
          "name": "RHBZ#2379360",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379360"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T18:30:50.752Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap: sensitive cookie(s) set without security flags",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, there is no mitigation available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-53861",
    "datePublished": "2025-07-11T12:44:17.837Z",
    "dateReserved": "2025-07-10T19:20:35.738Z",
    "dateUpdated": "2025-11-21T07:36:54.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10033 (GCVE-0-2024-10033)

Vulnerability from nvd – Published: 2024-10-16 16:59 – Updated: 2025-11-20 18:11
VLAI?
Title
Aap-gateway: xss on aap-gateway
Summary
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 2.5.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.3-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.3-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
Date Public ?
2024-10-16 00:00
Credits
This issue was discovered by Rick Elrod (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T17:37:00.293002Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:56:50.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/ansible/ansible",
          "defaultStatus": "unaffected",
          "packageName": "aap-gateway",
          "versions": [
            {
              "lessThan": "2.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.3-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.3-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Rick Elrod (Red Hat)."
        }
      ],
      "datePublic": "2024-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:11:34.539Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:8534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8534"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10033"
        },
        {
          "name": "RHBZ#2319162",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-16T13:44:08.666Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-16T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap-gateway: xss on aap-gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10033",
    "datePublished": "2024-10-16T16:59:43.968Z",
    "dateReserved": "2024-10-16T13:48:55.226Z",
    "dateUpdated": "2025-11-20T18:11:34.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0690 (GCVE-0-2024-0690)

Vulnerability from nvd – Published: 2024-02-06 12:00 – Updated: 2025-11-06 21:48
VLAI?
Title
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
Summary
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Severity ?
5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE
  • CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
Vendor Product Version
Affected: 2.14.0 , < 2.14.4 (semver)
Affected: 2.15.0 , < 2.15.9 (semver)
Affected: 2.16.0 , < 2.16.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.9-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.9-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.16.3-2.el8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.14.14-1.el9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
Date Public ?
2024-01-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T18:30:30.103500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:35.753Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:22:31.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0733",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0733"
          },
          {
            "name": "RHSA-2024:2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2246"
          },
          {
            "name": "RHSA-2024:3043",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3043"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
          },
          {
            "name": "RHBZ#2259013",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ansible/ansible/pull/82565"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250117-0001/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.ansible.com/",
          "defaultStatus": "unaffected",
          "packageName": "ansible",
          "versions": [
            {
              "lessThan": "2.14.4",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.15.9",
              "status": "affected",
              "version": "2.15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.16.3",
              "status": "affected",
              "version": "2.16.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.9-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.9-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.3-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.14.14-1.el9",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T21:48:28.724Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0733",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0733"
        },
        {
          "name": "RHSA-2024:2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2246"
        },
        {
          "name": "RHSA-2024:3043",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3043"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
        },
        {
          "name": "RHBZ#2259013",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
        },
        {
          "url": "https://github.com/ansible/ansible/pull/82565"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-18T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-18T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration",
      "workarounds": [
        {
          "lang": "en",
          "value": "Explicitly setting \u0027no_log\u0027 within the playbook will prevent the output from containing potentially sensitive information."
        }
      ],
      "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0690",
    "datePublished": "2024-02-06T12:00:28.505Z",
    "dateReserved": "2024-01-18T16:03:22.626Z",
    "dateUpdated": "2025-11-06T21:48:28.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-50782 (GCVE-0-2023-50782)

Vulnerability from nvd – Published: 2024-02-05 20:45 – Updated: 2026-03-24 11:28
VLAI?
Title
Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Affected: 3.2 , < 42.0.0 (semver)
Date Public ?
2023-12-13 00:00
Credits
This issue was discovered by Hubert Kario (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:43.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "name": "RHBZ#2254432",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50782",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-15T16:14:33.778114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:24.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/pyca/cryptography",
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "versions": [
            {
              "lessThan": "42.0.0",
              "status": "affected",
              "version": "3.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python39:3.9/python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Hubert Kario (Red Hat)."
        }
      ],
      "datePublic": "2023-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:21.353Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
        },
        {
          "name": "RHBZ#2254432",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-203: Observable Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-50782",
    "datePublished": "2024-02-05T20:45:49.705Z",
    "dateReserved": "2023-12-13T20:44:02.023Z",
    "dateUpdated": "2026-03-24T11:28:21.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5115 (GCVE-0-2023-5115)

Vulnerability from nvd – Published: 2023-12-18 13:43 – Updated: 2025-11-20 17:29
VLAI?
Title
Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
Summary
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
References
https://access.redhat.com/errata/RHSA-2023:5701 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5758 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5115 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2233810 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:2.14.11-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:2.14.11-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:2.15.5-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:2.15.5-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
 Create a notification for this product.
Date Public ?
2023-09-21 19:33
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:5701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5701"
          },
          {
            "name": "RHSA-2023:5758",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5758"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
          },
          {
            "name": "RHBZ#2233810",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.14.11-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.14.11-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.5-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.5-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-09-21T19:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:29:54.523Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:5701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5701"
        },
        {
          "name": "RHSA-2023:5758",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5758"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
        },
        {
          "name": "RHBZ#2233810",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-23T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-21T19:33:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
      "x_redhatCweChain": "CWE-36: Absolute Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5115",
    "datePublished": "2023-12-18T13:43:07.791Z",
    "dateReserved": "2023-09-21T19:29:27.130Z",
    "dateUpdated": "2025-11-20T17:29:54.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5764 (GCVE-0-2023-5764)

Vulnerability from nvd – Published: 2023-12-12 22:01 – Updated: 2025-11-20 18:07
VLAI?
Title
Ansible: template injection
Summary
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Severity ?
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
Date Public ?
2023-11-02 12:57
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:28.216152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T19:39:40.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:07:31.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:7773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
          },
          {
            "name": "RHBZ#2247629",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-11-02T12:57:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:07:16.802Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:7773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7773"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
        },
        {
          "name": "RHBZ#2247629",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-02T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-02T12:57:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible: template injection",
      "x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5764",
    "datePublished": "2023-12-12T22:01:33.467Z",
    "dateReserved": "2023-10-25T10:27:46.601Z",
    "dateUpdated": "2025-11-20T18:07:16.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5189 (GCVE-0-2023-5189)

Vulnerability from nvd – Published: 2023-11-14 22:57 – Updated: 2025-11-20 17:30
VLAI?
Title
Hub: insecure galaxy-importer tarfile extraction
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
CWE
  • CWE-23 - Relative Path Traversal
Assigner
References
https://access.redhat.com/errata/RHSA-2023:7773 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1536 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2010 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5189 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2234387 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:0.4.18-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:0.4.18-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_maintenance:6.15::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_maintenance:6.15::el8
 Create a notification for this product.
Date Public ?
2023-09-26 05:28
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:08.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:7773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "name": "RHSA-2024:1536",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1536"
          },
          {
            "name": "RHSA-2024:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2010"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
          },
          {
            "name": "RHBZ#2234387",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5189",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:15:00.429640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:16:10.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "python3x-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.19-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.19-2.el8pc",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-09-26T05:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:30:17.896Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:7773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7773"
        },
        {
          "name": "RHSA-2024:1536",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1536"
        },
        {
          "name": "RHSA-2024:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2010"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
        },
        {
          "name": "RHBZ#2234387",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-23T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-26T05:28:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Hub: insecure galaxy-importer tarfile extraction",
      "x_redhatCweChain": "CWE-23: Relative Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5189",
    "datePublished": "2023-11-14T22:57:00.584Z",
    "dateReserved": "2023-09-26T05:27:24.004Z",
    "dateUpdated": "2025-11-20T17:30:17.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-44487 (GCVE-0-2023-44487)

Vulnerability from nvd – Published: 2023-10-10 00:00 – Updated: 2025-11-04 21:08
VLAI?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Assigner
References
https://github.com/dotnet/core/blob/e4613450ea0da…
https://blog.cloudflare.com/technical-breakdown-h…
https://aws.amazon.com/security/security-bulletin…
https://cloud.google.com/blog/products/identity-s…
https://www.nginx.com/blog/http-2-rapid-reset-att…
https://cloud.google.com/blog/products/identity-s…
https://news.ycombinator.com/item?id=37831062
https://blog.cloudflare.com/zero-day-rapid-reset-…
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/haproxy/haproxy/issues/2312
https://github.com/eclipse/jetty.project/issues/10679
https://forums.swift.org/t/swift-nio-http2-securi…
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/netty/netty/commit/58f75f665aa…
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/o…
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/caddyserver/caddy/issues/5877
https://www.bleepingcomputer.com/news/security/ne…
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/grpc/grpc-go/pull/6703
https://github.com/icing/mod_h2/blob/0a864782af0a…
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://mailman.nginx.org/pipermail/nginx-devel/2…
https://my.f5.com/manage/s/article/K000137106
https://msrc.microsoft.com/blog/2023/10/microsoft…
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329…
http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
https://seanmonstar.com/post/730794151136935936/h…
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNN…
https://github.com/facebook/proxygen/pull/466
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
https://github.com/micrictor/http2-rst-stream
https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
https://openssf.org/blog/2023/10/10/http-2-rapid-…
https://github.com/h2o/h2o/security/advisories/GH…
https://github.com/h2o/h2o/pull/3291
https://github.com/nodejs/node/pull/50121
https://github.com/dotnet/announcements/issues/277
https://github.com/golang/go/issues/63417
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/apache/trafficserver/pull/10564
https://msrc.microsoft.com/update-guide/vulnerabi…
https://tomcat.apache.org/security-10.html#Fixed_…
https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
https://www.openwall.com/lists/oss-security/2023/…
https://www.haproxy.com/blog/haproxy-is-not-affec…
https://github.com/opensearch-project/data-preppe…
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discus…
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.cisa.gov/news-events/alerts/2023/10/1…
https://www.theregister.com/2023/10/10/http2_rapi…
https://blog.qualys.com/vulnerabilities-threat-re…
https://news.ycombinator.com/item?id=37837043
https://github.com/kazu-yamamoto/http2/issues/93
https://martinthomson.github.io/h2-stream-limits/…
https://github.com/kazu-yamamoto/http2/commit/f61…
https://github.com/apache/httpd/blob/afcdbeebbff4…
https://www.debian.org/security/2023/dsa-5522 vendor-advisory
https://www.debian.org/security/2023/dsa-5521 vendor-advisory
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/iss…
https://github.com/tempesta-tech/tempesta/issues/1986
https://blog.vespa.ai/cve-2023-44487/
https://github.com/etcd-io/etcd/issues/16740
https://www.darkreading.com/cloud/internet-wide-z…
https://istio.io/latest/news/security/istio-secur…
https://github.com/junkurihara/rust-rpxy/issues/97
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://ubuntu.com/security/CVE-2023-44487
https://community.traefik.io/t/is-traefik-vulnera…
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/apache/httpd-site/pull/10
https://github.com/projectcontour/contour/pull/5826
https://github.com/linkerd/website/pull/1695/comm…
https://github.com/line/armeria/pull/5232
https://blog.litespeedtech.com/2023/10/11/rapid-r…
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/akka/akka-http/issues/4323
https://github.com/openresty/openresty/issues/930
https://github.com/apache/apisix/issues/10320
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://www.netlify.com/blog/netlify-successfully…
https://github.com/caddyserver/caddy/releases/tag…
https://lists.debian.org/debian-lts-announce/2023… mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
https://arstechnica.com/security/2023/10/how-ddos…
https://lists.w3.org/Archives/Public/ietf-http-wg…
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://security.netapp.com/advisory/ntap-2023101…
https://lists.debian.org/debian-lts-announce/2023… mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://www.debian.org/security/2023/dsa-5540 vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://www.debian.org/security/2023/dsa-5549 vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://www.debian.org/security/2023/dsa-5558 vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://security.gentoo.org/glsa/202311-09 vendor-advisory
https://www.debian.org/security/2023/dsa-5570 vendor-advisory
https://security.netapp.com/advisory/ntap-2024042…
https://security.netapp.com/advisory/ntap-2024062…
https://security.netapp.com/advisory/ntap-2024062…
https://github.com/grpc/grpc/releases/tag/v1.59.2
https://sec.cloudapps.cisco.com/security/center/c…
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-44487",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T20:34:21.334116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-10T00:00:00.000Z",
            "value": "CVE-2023-44487 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:08:27.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37831062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/pull/30055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/haproxy/haproxy/issues/2312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/issues/10679"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/pull/1961"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/alibaba/tengine/issues/1872"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830998"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/issues/5877"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcdannyboy/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc-go/pull/6703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/facebook/proxygen/pull/466"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micrictor/http2-rst-stream"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/pull/3291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/node/pull/50121"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/announcements/issues/277"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/63417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/trafficserver/pull/10564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/pull/121120"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37837043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/issues/93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
          },
          {
            "name": "DSA-5522",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "name": "DSA-5521",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ninenines/cowboy/issues/1615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.vespa.ai/cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/etcd-io/etcd/issues/16740"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd-site/pull/10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/projectcontour/contour/pull/5826"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/line/armeria/pull/5232"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/akka/akka-http/issues/4323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openresty/openresty/issues/930"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/apisix/issues/10320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/AKS/issues/3947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Kong/kong/discussions/11741"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
          },
          {
            "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
          },
          {
            "name": "FEDORA-2023-ed2642fd58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
          },
          {
            "name": "[oss-security] 20231018 Vulnerability in Jenkins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
          },
          {
            "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
          },
          {
            "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
          },
          {
            "name": "FEDORA-2023-54fadada12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
          },
          {
            "name": "FEDORA-2023-5ff7bf1dd8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
          },
          {
            "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
          },
          {
            "name": "FEDORA-2023-17efd3f2cd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
          },
          {
            "name": "FEDORA-2023-d5030c983c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "name": "FEDORA-2023-0259c3f26f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
          },
          {
            "name": "FEDORA-2023-2a9214af5f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
          },
          {
            "name": "FEDORA-2023-e9c04d81c1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "name": "FEDORA-2023-f66fc0f62a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "name": "FEDORA-2023-4d2fd884ea",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "name": "FEDORA-2023-b2c50535cb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
          },
          {
            "name": "FEDORA-2023-fe53e13b5b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
          },
          {
            "name": "FEDORA-2023-4bf641255e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
          },
          {
            "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
          },
          {
            "name": "DSA-5540",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5540"
          },
          {
            "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
          },
          {
            "name": "FEDORA-2023-1caffb88af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
          },
          {
            "name": "FEDORA-2023-3f70b8d406",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
          },
          {
            "name": "FEDORA-2023-7b52921cae",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "name": "FEDORA-2023-7934802344",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
          },
          {
            "name": "FEDORA-2023-dbe64661af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "name": "FEDORA-2023-822aab0a5a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
          },
          {
            "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
          },
          {
            "name": "DSA-5549",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5549"
          },
          {
            "name": "FEDORA-2023-c0c6a91330",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
          },
          {
            "name": "FEDORA-2023-492b7be466",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
          },
          {
            "name": "DSA-5558",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5558"
          },
          {
            "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
          },
          {
            "name": "GLSA-202311-09",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "name": "DSA-5570",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-07T20:05:34.376Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
        },
        {
          "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
        },
        {
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37831062"
        },
        {
          "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
        },
        {
          "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
        },
        {
          "url": "https://github.com/envoyproxy/envoy/pull/30055"
        },
        {
          "url": "https://github.com/haproxy/haproxy/issues/2312"
        },
        {
          "url": "https://github.com/eclipse/jetty.project/issues/10679"
        },
        {
          "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/pull/1961"
        },
        {
          "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
        },
        {
          "url": "https://github.com/alibaba/tengine/issues/1872"
        },
        {
          "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830987"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830998"
        },
        {
          "url": "https://github.com/caddyserver/caddy/issues/5877"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
        },
        {
          "url": "https://github.com/bcdannyboy/CVE-2023-44487"
        },
        {
          "url": "https://github.com/grpc/grpc-go/pull/6703"
        },
        {
          "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
        },
        {
          "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
        },
        {
          "url": "https://my.f5.com/manage/s/article/K000137106"
        },
        {
          "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
        },
        {
          "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
        },
        {
          "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
        },
        {
          "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
        },
        {
          "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
        },
        {
          "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
        },
        {
          "url": "https://github.com/facebook/proxygen/pull/466"
        },
        {
          "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
        },
        {
          "url": "https://github.com/micrictor/http2-rst-stream"
        },
        {
          "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
        },
        {
          "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
        },
        {
          "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
        },
        {
          "url": "https://github.com/h2o/h2o/pull/3291"
        },
        {
          "url": "https://github.com/nodejs/node/pull/50121"
        },
        {
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "url": "https://github.com/golang/go/issues/63417"
        },
        {
          "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
        },
        {
          "url": "https://github.com/apache/trafficserver/pull/10564"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
        },
        {
          "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
        },
        {
          "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
        },
        {
          "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
        },
        {
          "url": "https://github.com/kubernetes/kubernetes/pull/121120"
        },
        {
          "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
        },
        {
          "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
        },
        {
          "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
        },
        {
          "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37837043"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/issues/93"
        },
        {
          "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
        },
        {
          "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
        },
        {
          "name": "DSA-5522",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5522"
        },
        {
          "name": "DSA-5521",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5521"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2023-44487"
        },
        {
          "url": "https://github.com/ninenines/cowboy/issues/1615"
        },
        {
          "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
        },
        {
          "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
        },
        {
          "url": "https://blog.vespa.ai/cve-2023-44487/"
        },
        {
          "url": "https://github.com/etcd-io/etcd/issues/16740"
        },
        {
          "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
        },
        {
          "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
        },
        {
          "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2023-44487"
        },
        {
          "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
        },
        {
          "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
        },
        {
          "url": "https://github.com/apache/httpd-site/pull/10"
        },
        {
          "url": "https://github.com/projectcontour/contour/pull/5826"
        },
        {
          "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
        },
        {
          "url": "https://github.com/line/armeria/pull/5232"
        },
        {
          "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
        },
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
        },
        {
          "url": "https://github.com/akka/akka-http/issues/4323"
        },
        {
          "url": "https://github.com/openresty/openresty/issues/930"
        },
        {
          "url": "https://github.com/apache/apisix/issues/10320"
        },
        {
          "url": "https://github.com/Azure/AKS/issues/3947"
        },
        {
          "url": "https://github.com/Kong/kong/discussions/11741"
        },
        {
          "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
        },
        {
          "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
        },
        {
          "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
        },
        {
          "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
        },
        {
          "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
        },
        {
          "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
        },
        {
          "name": "FEDORA-2023-ed2642fd58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
        },
        {
          "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
        },
        {
          "name": "[oss-security] 20231018 Vulnerability in Jenkins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
        },
        {
          "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
        },
        {
          "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
        },
        {
          "name": "FEDORA-2023-54fadada12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
        },
        {
          "name": "FEDORA-2023-5ff7bf1dd8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
        },
        {
          "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
        },
        {
          "name": "FEDORA-2023-17efd3f2cd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
        },
        {
          "name": "FEDORA-2023-d5030c983c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
        },
        {
          "name": "FEDORA-2023-0259c3f26f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
        },
        {
          "name": "FEDORA-2023-2a9214af5f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
        },
        {
          "name": "FEDORA-2023-e9c04d81c1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
        },
        {
          "name": "FEDORA-2023-f66fc0f62a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
        },
        {
          "name": "FEDORA-2023-4d2fd884ea",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
        },
        {
          "name": "FEDORA-2023-b2c50535cb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
        },
        {
          "name": "FEDORA-2023-fe53e13b5b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
        },
        {
          "name": "FEDORA-2023-4bf641255e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
        },
        {
          "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
        },
        {
          "name": "DSA-5540",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5540"
        },
        {
          "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
        },
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
        },
        {
          "name": "FEDORA-2023-1caffb88af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
        },
        {
          "name": "FEDORA-2023-3f70b8d406",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
        },
        {
          "name": "FEDORA-2023-7b52921cae",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
        },
        {
          "name": "FEDORA-2023-7934802344",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
        },
        {
          "name": "FEDORA-2023-dbe64661af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
        },
        {
          "name": "FEDORA-2023-822aab0a5a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
        },
        {
          "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
        },
        {
          "name": "DSA-5549",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5549"
        },
        {
          "name": "FEDORA-2023-c0c6a91330",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
        },
        {
          "name": "FEDORA-2023-492b7be466",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
        },
        {
          "name": "DSA-5558",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5558"
        },
        {
          "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
        },
        {
          "name": "GLSA-202311-09",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-09"
        },
        {
          "name": "DSA-5570",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5570"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        },
        {
          "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
        },
        {
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-44487",
    "datePublished": "2023-10-10T00:00:00.000Z",
    "dateReserved": "2023-09-29T00:00:00.000Z",
    "dateUpdated": "2025-11-04T21:08:27.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4380 (GCVE-0-2023-4380)

Vulnerability from nvd – Published: 2023-10-04 14:24 – Updated: 2025-11-20 18:27
VLAI?
Title
Platform: token exposed at importing project
Summary
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
Date Public ?
2023-08-16 10:05
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:4693",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4693"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4380"
          },
          {
            "name": "RHBZ#2232324",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-08-16T10:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:27:32.482Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:4693",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4693"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4380"
        },
        {
          "name": "RHBZ#2232324",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-16T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-08-16T10:05:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Platform: token exposed at importing project",
      "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4380",
    "datePublished": "2023-10-04T14:24:35.121Z",
    "dateReserved": "2023-08-16T10:02:36.139Z",
    "dateUpdated": "2025-11-20T18:27:32.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4237 (GCVE-0-2023-4237)

Vulnerability from nvd – Published: 2023-10-04 14:23 – Updated: 2026-02-25 18:31
VLAI?
Title
Platform: ec2_key module prints out the private key directly to the standard output
Summary
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Severity ?
7.3 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
https://access.redhat.com/errata/RHBA-2023:5653 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2023:5666 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4237 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2229979 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1.0.0-423 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1.0.0-424 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
Date Public ?
2023-08-08 11:15
Credits
Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:07:30.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHBA-2023:5653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2023:5653"
          },
          {
            "name": "RHBA-2023:5666",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2023:5666"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
          },
          {
            "name": "RHBZ#2229979",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-supported-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.0.0-423",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-supported-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.0.0-424",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue."
        }
      ],
      "datePublic": "2023-08-08T11:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T18:31:55.136Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHBA-2023:5653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2023:5653"
        },
        {
          "name": "RHBA-2023:5666",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2023:5666"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
        },
        {
          "name": "RHBZ#2229979",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-08T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-08-08T11:15:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Platform: ec2_key module prints out the private key directly to the standard output",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4237",
    "datePublished": "2023-10-04T14:23:20.710Z",
    "dateReserved": "2023-08-08T11:15:05.990Z",
    "dateUpdated": "2026-02-25T18:31:55.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3971 (GCVE-0-2023-3971)

Vulnerability from nvd – Published: 2023-10-04 14:26 – Updated: 2025-11-20 19:51
VLAI?
Title
Controller: html injection in custom login info
Summary
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Severity ?
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
https://access.redhat.com/errata/RHSA-2023:4340 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4590 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3971 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2226965 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:4.3.11-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:4.3.11-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:4.4.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:4.4.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
Date Public ?
2023-07-27 07:28
Credits
Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-26T19:46:29.640652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:34.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:4340",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4340"
          },
          {
            "name": "RHSA-2023:4590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4590"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
          },
          {
            "name": "RHBZ#2226965",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.3.11-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.3.11-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue."
        }
      ],
      "datePublic": "2023-07-27T07:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T19:51:46.690Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:4340",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4340"
        },
        {
          "name": "RHSA-2023:4590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4590"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
        },
        {
          "name": "RHBZ#2226965",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-18T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-27T07:28:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Controller: html injection in custom login info",
      "x_redhatCweChain": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3971",
    "datePublished": "2023-10-04T14:26:01.621Z",
    "dateReserved": "2023-07-27T07:24:40.604Z",
    "dateUpdated": "2025-11-20T19:51:46.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57847 (GCVE-0-2025-57847)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:13
VLAI?
Title
Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions
Summary
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2026-04-08 13:47
Credits
Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T15:42:54.958669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T16:13:23.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/controller-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/de-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ansible-automation-platform/ee-29-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel8",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform/ee-minimal-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-04-08T13:47:09.259Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:55:00.729Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-57847"
        },
        {
          "name": "RHBZ#2391092",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-26T17:29:34.376Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-08T13:47:09.259Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-57847",
    "datePublished": "2026-04-08T13:55:00.729Z",
    "dateReserved": "2025-08-21T14:40:40.821Z",
    "dateUpdated": "2026-04-08T16:13:23.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9909 (GCVE-0-2025-9909)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:30 – Updated: 2026-02-27 18:43
VLAI?
Title
Aap-gateway: improper path validation in gateway allows credential exfiltration
Summary
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21768 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21775 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9909 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392836 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.20251210-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.20251210-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:2.6.20251119-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T18:42:58.678456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T18:43:09.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20251210-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20251210-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.20251119-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/gateway-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/gateway-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-647",
              "description": "Use of Non-Canonical URL Paths for Authorization Decisions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:30:00.885Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21768"
        },
        {
          "name": "RHSA-2025:21775",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21775"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9909"
        },
        {
          "name": "RHBZ#2392836",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:53:49.538Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap-gateway: improper path validation in gateway allows credential exfiltration",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9909",
    "datePublished": "2026-02-27T07:30:00.885Z",
    "dateReserved": "2025-09-03T07:57:09.461Z",
    "dateUpdated": "2026-02-27T18:43:09.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9908 (GCVE-0-2025-9908)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:29 – Updated: 2026-03-03 18:09
VLAI?
Title
Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
Summary
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9908 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392835 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-28T04:55:38.778174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T18:09:46.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:29:32.368Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:19201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19201"
        },
        {
          "name": "RHSA-2025:19221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19221"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9908"
        },
        {
          "name": "RHBZ#2392835",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392835"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:47:46.731Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9908",
    "datePublished": "2026-02-27T07:29:32.368Z",
    "dateReserved": "2025-09-03T07:53:14.097Z",
    "dateUpdated": "2026-03-03T18:09:46.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9907 (GCVE-0-2025-9907)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:29 – Updated: 2026-02-28 04:55
VLAI?
Title
Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
Summary
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-9907 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2392834 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.6::el9
 Create a notification for this product.
Date Public ?
2025-09-17 23:59
Credits
This issue was discovered by Elijah DeLee (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-28T04:55:39.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-builder",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-creator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-environment",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.2-1.1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-dev-tools",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-lint",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-navigator",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-sign",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.4-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.14-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "bindep",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.13.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "molecule",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ansible-compat",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-distlib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-django",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.2.26-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-execnet",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.36-2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-galaxy-ng",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.10.10-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-gunicorn",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.0.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pluggy",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.0.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-pytest-xdist",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.8.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-ruamel-yaml-clib",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.2.15-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-subprocess-tee",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.2-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-tox-ansible",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.12.0-1.2.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python3.11-typing-extensions",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.0-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Elijah DeLee (Red Hat)."
        }
      ],
      "datePublic": "2025-09-17T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:29:06.070Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:19201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19201"
        },
        {
          "name": "RHSA-2025:19221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19221"
        },
        {
          "name": "RHSA-2025:23069",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23069"
        },
        {
          "name": "RHSA-2025:23131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23131"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9907"
        },
        {
          "name": "RHBZ#2392834",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392834"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-03T07:28:31.788Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-09-17T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9907",
    "datePublished": "2026-02-27T07:29:06.070Z",
    "dateReserved": "2025-09-03T07:44:22.984Z",
    "dateUpdated": "2026-02-28T04:55:39.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53861 (GCVE-0-2025-53861)

Vulnerability from cvelistv5 – Published: 2025-07-11 12:44 – Updated: 2025-11-21 07:36
VLAI?
Title
Aap: sensitive cookie(s) set without security flags
Summary
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Severity ?
3.1 (Low)
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2025-07-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:19:33.437729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:19:51.710Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T07:36:54.466Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-53861"
        },
        {
          "name": "RHBZ#2379360",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379360"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T18:30:50.752Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap: sensitive cookie(s) set without security flags",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, there is no mitigation available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-53861",
    "datePublished": "2025-07-11T12:44:17.837Z",
    "dateReserved": "2025-07-10T19:20:35.738Z",
    "dateUpdated": "2025-11-21T07:36:54.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53862 (GCVE-0-2025-53862)

Vulnerability from cvelistv5 – Published: 2025-07-11 12:34 – Updated: 2025-11-21 07:36
VLAI?
Title
Aap: aap-gateway: automation-hub: sensitive information disclosure
Summary
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
Severity ?
3.5 (Low)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
 Create a notification for this product.
Date Public ?
2025-07-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:20:24.432172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:20:29.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "automation-hub",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T07:36:54.612Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-53862"
        },
        {
          "name": "RHBZ#2379359",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379359"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-10T18:50:55.616Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap: aap-gateway: automation-hub: sensitive information disclosure",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, there is no mitigation available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-53862",
    "datePublished": "2025-07-11T12:34:24.020Z",
    "dateReserved": "2025-07-10T19:20:35.739Z",
    "dateUpdated": "2025-11-21T07:36:54.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10033 (GCVE-0-2024-10033)

Vulnerability from cvelistv5 – Published: 2024-10-16 16:59 – Updated: 2025-11-20 18:11
VLAI?
Title
Aap-gateway: xss on aap-gateway
Summary
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 2.5.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.3-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.3-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
    cpe:/a:redhat:ansible_automation_platform:2.5::el8
 Create a notification for this product.
Date Public ?
2024-10-16 00:00
Credits
This issue was discovered by Rick Elrod (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T17:37:00.293002Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:56:50.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/ansible/ansible",
          "defaultStatus": "unaffected",
          "packageName": "aap-gateway",
          "versions": [
            {
              "lessThan": "2.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.3-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.3-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Rick Elrod (Red Hat)."
        }
      ],
      "datePublic": "2024-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:11:34.539Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:8534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8534"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10033"
        },
        {
          "name": "RHBZ#2319162",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-16T13:44:08.666Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-16T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Aap-gateway: xss on aap-gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10033",
    "datePublished": "2024-10-16T16:59:43.968Z",
    "dateReserved": "2024-10-16T13:48:55.226Z",
    "dateUpdated": "2025-11-20T18:11:34.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0690 (GCVE-0-2024-0690)

Vulnerability from cvelistv5 – Published: 2024-02-06 12:00 – Updated: 2025-11-06 21:48
VLAI?
Title
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
Summary
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Severity ?
5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE
  • CWE-117 - Improper Output Neutralization for Logs
Assigner
References
Impacted products
Vendor Product Version
Affected: 2.14.0 , < 2.14.4 (semver)
Affected: 2.15.0 , < 2.15.9 (semver)
Affected: 2.16.0 , < 2.16.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.9-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.9-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.16.3-2.el8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.14.14-1.el9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
Date Public ?
2024-01-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T18:30:30.103500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:35.753Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:22:31.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0733",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0733"
          },
          {
            "name": "RHSA-2024:2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2246"
          },
          {
            "name": "RHSA-2024:3043",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3043"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
          },
          {
            "name": "RHBZ#2259013",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ansible/ansible/pull/82565"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250117-0001/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.ansible.com/",
          "defaultStatus": "unaffected",
          "packageName": "ansible",
          "versions": [
            {
              "lessThan": "2.14.4",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.15.9",
              "status": "affected",
              "version": "2.15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.16.3",
              "status": "affected",
              "version": "2.16.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.9-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.9-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.3-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.14.14-1.el9",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T21:48:28.724Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0733",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0733"
        },
        {
          "name": "RHSA-2024:2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2246"
        },
        {
          "name": "RHSA-2024:3043",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3043"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
        },
        {
          "name": "RHBZ#2259013",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
        },
        {
          "url": "https://github.com/ansible/ansible/pull/82565"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-18T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-18T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration",
      "workarounds": [
        {
          "lang": "en",
          "value": "Explicitly setting \u0027no_log\u0027 within the playbook will prevent the output from containing potentially sensitive information."
        }
      ],
      "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0690",
    "datePublished": "2024-02-06T12:00:28.505Z",
    "dateReserved": "2024-01-18T16:03:22.626Z",
    "dateUpdated": "2025-11-06T21:48:28.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-50782 (GCVE-0-2023-50782)

Vulnerability from cvelistv5 – Published: 2024-02-05 20:45 – Updated: 2026-03-24 11:28
VLAI?
Title
Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Affected: 3.2 , < 42.0.0 (semver)
Date Public ?
2023-12-13 00:00
Credits
This issue was discovered by Hubert Kario (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:43.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
          },
          {
            "name": "RHBZ#2254432",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50782",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-15T16:14:33.778114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:24.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/pyca/cryptography",
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "versions": [
            {
              "lessThan": "42.0.0",
              "status": "affected",
              "version": "3.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python39:3.9/python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "python-cryptography",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhui:4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-cryptography",
          "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Hubert Kario (Red Hat)."
        }
      ],
      "datePublic": "2023-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:21.353Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
        },
        {
          "name": "RHBZ#2254432",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-12-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-203: Observable Discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-50782",
    "datePublished": "2024-02-05T20:45:49.705Z",
    "dateReserved": "2023-12-13T20:44:02.023Z",
    "dateUpdated": "2026-03-24T11:28:21.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5115 (GCVE-0-2023-5115)

Vulnerability from cvelistv5 – Published: 2023-12-18 13:43 – Updated: 2025-11-20 17:29
VLAI?
Title
Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
Summary
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
References
https://access.redhat.com/errata/RHSA-2023:5701 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:5758 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5115 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2233810 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:2.14.11-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:2.14.11-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:2.15.5-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:2.15.5-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
 Create a notification for this product.
Date Public ?
2023-09-21 19:33
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:5701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5701"
          },
          {
            "name": "RHSA-2023:5758",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5758"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
          },
          {
            "name": "RHBZ#2233810",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.14.11-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.14.11-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.5-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.5-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible",
          "product": "Red Hat Ansible Automation Platform 1.2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-09-21T19:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:29:54.523Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:5701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5701"
        },
        {
          "name": "RHSA-2023:5758",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5758"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
        },
        {
          "name": "RHBZ#2233810",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-23T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-21T19:33:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
      "x_redhatCweChain": "CWE-36: Absolute Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5115",
    "datePublished": "2023-12-18T13:43:07.791Z",
    "dateReserved": "2023-09-21T19:29:27.130Z",
    "dateUpdated": "2025-11-20T17:29:54.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5764 (GCVE-0-2023-5764)

Vulnerability from cvelistv5 – Published: 2023-12-12 22:01 – Updated: 2025-11-20 18:07
VLAI?
Title
Ansible: template injection
Summary
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Severity ?
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
 Create a notification for this product.
Date Public ?
2023-11-02 12:57
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5764",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:28.216152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T19:39:40.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:07:31.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:7773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
          },
          {
            "name": "RHBZ#2247629",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-core",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.15.8-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-11-02T12:57:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:07:16.802Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:7773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7773"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
        },
        {
          "name": "RHBZ#2247629",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-02T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-02T12:57:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ansible: template injection",
      "x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5764",
    "datePublished": "2023-12-12T22:01:33.467Z",
    "dateReserved": "2023-10-25T10:27:46.601Z",
    "dateUpdated": "2025-11-20T18:07:16.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5189 (GCVE-0-2023-5189)

Vulnerability from cvelistv5 – Published: 2023-11-14 22:57 – Updated: 2025-11-20 17:30
VLAI?
Title
Hub: insecure galaxy-importer tarfile extraction
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
CWE
  • CWE-23 - Relative Path Traversal
Assigner
References
https://access.redhat.com/errata/RHSA-2023:7773 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1536 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2010 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5189 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2234387 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:0.4.18-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:0.4.18-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_maintenance:6.15::el8
 Create a notification for this product.
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_maintenance:6.15::el8
 Create a notification for this product.
Date Public ?
2023-09-26 05:28
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:08.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:7773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7773"
          },
          {
            "name": "RHSA-2024:1536",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1536"
          },
          {
            "name": "RHSA-2024:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2010"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
          },
          {
            "name": "RHBZ#2234387",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5189",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:15:00.429640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:16:10.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "python3x-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.18-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.19-2.el8pc",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "python-galaxy-importer",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.19-2.el8pc",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-09-26T05:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:30:17.896Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:7773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7773"
        },
        {
          "name": "RHSA-2024:1536",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1536"
        },
        {
          "name": "RHSA-2024:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2010"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
        },
        {
          "name": "RHBZ#2234387",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-23T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-26T05:28:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Hub: insecure galaxy-importer tarfile extraction",
      "x_redhatCweChain": "CWE-23: Relative Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5189",
    "datePublished": "2023-11-14T22:57:00.584Z",
    "dateReserved": "2023-09-26T05:27:24.004Z",
    "dateUpdated": "2025-11-20T17:30:17.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-44487 (GCVE-0-2023-44487)

Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2025-11-04 21:08
VLAI?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Assigner
References
https://github.com/dotnet/core/blob/e4613450ea0da…
https://blog.cloudflare.com/technical-breakdown-h…
https://aws.amazon.com/security/security-bulletin…
https://cloud.google.com/blog/products/identity-s…
https://www.nginx.com/blog/http-2-rapid-reset-att…
https://cloud.google.com/blog/products/identity-s…
https://news.ycombinator.com/item?id=37831062
https://blog.cloudflare.com/zero-day-rapid-reset-…
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/haproxy/haproxy/issues/2312
https://github.com/eclipse/jetty.project/issues/10679
https://forums.swift.org/t/swift-nio-http2-securi…
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/netty/netty/commit/58f75f665aa…
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/o…
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/caddyserver/caddy/issues/5877
https://www.bleepingcomputer.com/news/security/ne…
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/grpc/grpc-go/pull/6703
https://github.com/icing/mod_h2/blob/0a864782af0a…
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://mailman.nginx.org/pipermail/nginx-devel/2…
https://my.f5.com/manage/s/article/K000137106
https://msrc.microsoft.com/blog/2023/10/microsoft…
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329…
http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
https://seanmonstar.com/post/730794151136935936/h…
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNN…
https://github.com/facebook/proxygen/pull/466
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
https://github.com/micrictor/http2-rst-stream
https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
https://openssf.org/blog/2023/10/10/http-2-rapid-…
https://github.com/h2o/h2o/security/advisories/GH…
https://github.com/h2o/h2o/pull/3291
https://github.com/nodejs/node/pull/50121
https://github.com/dotnet/announcements/issues/277
https://github.com/golang/go/issues/63417
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/apache/trafficserver/pull/10564
https://msrc.microsoft.com/update-guide/vulnerabi…
https://tomcat.apache.org/security-10.html#Fixed_…
https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
https://www.openwall.com/lists/oss-security/2023/…
https://www.haproxy.com/blog/haproxy-is-not-affec…
https://github.com/opensearch-project/data-preppe…
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discus…
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.cisa.gov/news-events/alerts/2023/10/1…
https://www.theregister.com/2023/10/10/http2_rapi…
https://blog.qualys.com/vulnerabilities-threat-re…
https://news.ycombinator.com/item?id=37837043
https://github.com/kazu-yamamoto/http2/issues/93
https://martinthomson.github.io/h2-stream-limits/…
https://github.com/kazu-yamamoto/http2/commit/f61…
https://github.com/apache/httpd/blob/afcdbeebbff4…
https://www.debian.org/security/2023/dsa-5522 vendor-advisory
https://www.debian.org/security/2023/dsa-5521 vendor-advisory
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/iss…
https://github.com/tempesta-tech/tempesta/issues/1986
https://blog.vespa.ai/cve-2023-44487/
https://github.com/etcd-io/etcd/issues/16740
https://www.darkreading.com/cloud/internet-wide-z…
https://istio.io/latest/news/security/istio-secur…
https://github.com/junkurihara/rust-rpxy/issues/97
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://ubuntu.com/security/CVE-2023-44487
https://community.traefik.io/t/is-traefik-vulnera…
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/apache/httpd-site/pull/10
https://github.com/projectcontour/contour/pull/5826
https://github.com/linkerd/website/pull/1695/comm…
https://github.com/line/armeria/pull/5232
https://blog.litespeedtech.com/2023/10/11/rapid-r…
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/akka/akka-http/issues/4323
https://github.com/openresty/openresty/issues/930
https://github.com/apache/apisix/issues/10320
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://www.netlify.com/blog/netlify-successfully…
https://github.com/caddyserver/caddy/releases/tag…
https://lists.debian.org/debian-lts-announce/2023… mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
https://arstechnica.com/security/2023/10/how-ddos…
https://lists.w3.org/Archives/Public/ietf-http-wg…
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://security.netapp.com/advisory/ntap-2023101…
https://lists.debian.org/debian-lts-announce/2023… mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://www.debian.org/security/2023/dsa-5540 vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://www.debian.org/security/2023/dsa-5549 vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
https://www.debian.org/security/2023/dsa-5558 vendor-advisory
https://lists.debian.org/debian-lts-announce/2023… mailing-list
https://security.gentoo.org/glsa/202311-09 vendor-advisory
https://www.debian.org/security/2023/dsa-5570 vendor-advisory
https://security.netapp.com/advisory/ntap-2024042…
https://security.netapp.com/advisory/ntap-2024062…
https://security.netapp.com/advisory/ntap-2024062…
https://github.com/grpc/grpc/releases/tag/v1.59.2
https://sec.cloudapps.cisco.com/security/center/c…
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-44487",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T20:34:21.334116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-10T00:00:00.000Z",
            "value": "CVE-2023-44487 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:08:27.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37831062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/pull/30055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/haproxy/haproxy/issues/2312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/issues/10679"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/pull/1961"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/alibaba/tengine/issues/1872"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830998"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/issues/5877"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcdannyboy/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc-go/pull/6703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/facebook/proxygen/pull/466"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micrictor/http2-rst-stream"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/pull/3291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/node/pull/50121"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/announcements/issues/277"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/63417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/trafficserver/pull/10564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/pull/121120"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37837043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/issues/93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
          },
          {
            "name": "DSA-5522",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "name": "DSA-5521",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ninenines/cowboy/issues/1615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.vespa.ai/cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/etcd-io/etcd/issues/16740"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd-site/pull/10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/projectcontour/contour/pull/5826"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/line/armeria/pull/5232"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/akka/akka-http/issues/4323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openresty/openresty/issues/930"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/apisix/issues/10320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/AKS/issues/3947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Kong/kong/discussions/11741"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
          },
          {
            "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
          },
          {
            "name": "FEDORA-2023-ed2642fd58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
          },
          {
            "name": "[oss-security] 20231018 Vulnerability in Jenkins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
          },
          {
            "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
          },
          {
            "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
          },
          {
            "name": "FEDORA-2023-54fadada12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
          },
          {
            "name": "FEDORA-2023-5ff7bf1dd8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
          },
          {
            "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
          },
          {
            "name": "FEDORA-2023-17efd3f2cd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
          },
          {
            "name": "FEDORA-2023-d5030c983c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "name": "FEDORA-2023-0259c3f26f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
          },
          {
            "name": "FEDORA-2023-2a9214af5f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
          },
          {
            "name": "FEDORA-2023-e9c04d81c1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "name": "FEDORA-2023-f66fc0f62a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "name": "FEDORA-2023-4d2fd884ea",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "name": "FEDORA-2023-b2c50535cb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
          },
          {
            "name": "FEDORA-2023-fe53e13b5b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
          },
          {
            "name": "FEDORA-2023-4bf641255e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
          },
          {
            "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
          },
          {
            "name": "DSA-5540",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5540"
          },
          {
            "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
          },
          {
            "name": "FEDORA-2023-1caffb88af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
          },
          {
            "name": "FEDORA-2023-3f70b8d406",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
          },
          {
            "name": "FEDORA-2023-7b52921cae",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "name": "FEDORA-2023-7934802344",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
          },
          {
            "name": "FEDORA-2023-dbe64661af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "name": "FEDORA-2023-822aab0a5a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
          },
          {
            "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
          },
          {
            "name": "DSA-5549",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5549"
          },
          {
            "name": "FEDORA-2023-c0c6a91330",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
          },
          {
            "name": "FEDORA-2023-492b7be466",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
          },
          {
            "name": "DSA-5558",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5558"
          },
          {
            "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
          },
          {
            "name": "GLSA-202311-09",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "name": "DSA-5570",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-07T20:05:34.376Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
        },
        {
          "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
        },
        {
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37831062"
        },
        {
          "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
        },
        {
          "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
        },
        {
          "url": "https://github.com/envoyproxy/envoy/pull/30055"
        },
        {
          "url": "https://github.com/haproxy/haproxy/issues/2312"
        },
        {
          "url": "https://github.com/eclipse/jetty.project/issues/10679"
        },
        {
          "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/pull/1961"
        },
        {
          "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
        },
        {
          "url": "https://github.com/alibaba/tengine/issues/1872"
        },
        {
          "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830987"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830998"
        },
        {
          "url": "https://github.com/caddyserver/caddy/issues/5877"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
        },
        {
          "url": "https://github.com/bcdannyboy/CVE-2023-44487"
        },
        {
          "url": "https://github.com/grpc/grpc-go/pull/6703"
        },
        {
          "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
        },
        {
          "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
        },
        {
          "url": "https://my.f5.com/manage/s/article/K000137106"
        },
        {
          "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
        },
        {
          "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
        },
        {
          "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
        },
        {
          "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
        },
        {
          "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
        },
        {
          "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
        },
        {
          "url": "https://github.com/facebook/proxygen/pull/466"
        },
        {
          "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
        },
        {
          "url": "https://github.com/micrictor/http2-rst-stream"
        },
        {
          "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
        },
        {
          "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
        },
        {
          "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
        },
        {
          "url": "https://github.com/h2o/h2o/pull/3291"
        },
        {
          "url": "https://github.com/nodejs/node/pull/50121"
        },
        {
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "url": "https://github.com/golang/go/issues/63417"
        },
        {
          "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
        },
        {
          "url": "https://github.com/apache/trafficserver/pull/10564"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
        },
        {
          "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
        },
        {
          "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
        },
        {
          "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
        },
        {
          "url": "https://github.com/kubernetes/kubernetes/pull/121120"
        },
        {
          "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
        },
        {
          "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
        },
        {
          "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
        },
        {
          "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37837043"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/issues/93"
        },
        {
          "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
        },
        {
          "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
        },
        {
          "name": "DSA-5522",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5522"
        },
        {
          "name": "DSA-5521",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5521"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2023-44487"
        },
        {
          "url": "https://github.com/ninenines/cowboy/issues/1615"
        },
        {
          "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
        },
        {
          "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
        },
        {
          "url": "https://blog.vespa.ai/cve-2023-44487/"
        },
        {
          "url": "https://github.com/etcd-io/etcd/issues/16740"
        },
        {
          "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
        },
        {
          "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
        },
        {
          "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2023-44487"
        },
        {
          "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
        },
        {
          "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
        },
        {
          "url": "https://github.com/apache/httpd-site/pull/10"
        },
        {
          "url": "https://github.com/projectcontour/contour/pull/5826"
        },
        {
          "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
        },
        {
          "url": "https://github.com/line/armeria/pull/5232"
        },
        {
          "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
        },
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
        },
        {
          "url": "https://github.com/akka/akka-http/issues/4323"
        },
        {
          "url": "https://github.com/openresty/openresty/issues/930"
        },
        {
          "url": "https://github.com/apache/apisix/issues/10320"
        },
        {
          "url": "https://github.com/Azure/AKS/issues/3947"
        },
        {
          "url": "https://github.com/Kong/kong/discussions/11741"
        },
        {
          "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
        },
        {
          "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
        },
        {
          "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
        },
        {
          "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
        },
        {
          "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
        },
        {
          "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
        },
        {
          "name": "FEDORA-2023-ed2642fd58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
        },
        {
          "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
        },
        {
          "name": "[oss-security] 20231018 Vulnerability in Jenkins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
        },
        {
          "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
        },
        {
          "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
        },
        {
          "name": "FEDORA-2023-54fadada12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
        },
        {
          "name": "FEDORA-2023-5ff7bf1dd8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
        },
        {
          "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
        },
        {
          "name": "FEDORA-2023-17efd3f2cd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
        },
        {
          "name": "FEDORA-2023-d5030c983c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
        },
        {
          "name": "FEDORA-2023-0259c3f26f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
        },
        {
          "name": "FEDORA-2023-2a9214af5f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
        },
        {
          "name": "FEDORA-2023-e9c04d81c1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
        },
        {
          "name": "FEDORA-2023-f66fc0f62a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
        },
        {
          "name": "FEDORA-2023-4d2fd884ea",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
        },
        {
          "name": "FEDORA-2023-b2c50535cb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
        },
        {
          "name": "FEDORA-2023-fe53e13b5b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
        },
        {
          "name": "FEDORA-2023-4bf641255e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
        },
        {
          "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
        },
        {
          "name": "DSA-5540",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5540"
        },
        {
          "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
        },
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
        },
        {
          "name": "FEDORA-2023-1caffb88af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
        },
        {
          "name": "FEDORA-2023-3f70b8d406",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
        },
        {
          "name": "FEDORA-2023-7b52921cae",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
        },
        {
          "name": "FEDORA-2023-7934802344",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
        },
        {
          "name": "FEDORA-2023-dbe64661af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
        },
        {
          "name": "FEDORA-2023-822aab0a5a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
        },
        {
          "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
        },
        {
          "name": "DSA-5549",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5549"
        },
        {
          "name": "FEDORA-2023-c0c6a91330",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
        },
        {
          "name": "FEDORA-2023-492b7be466",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
        },
        {
          "name": "DSA-5558",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5558"
        },
        {
          "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
        },
        {
          "name": "GLSA-202311-09",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-09"
        },
        {
          "name": "DSA-5570",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5570"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        },
        {
          "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
        },
        {
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-44487",
    "datePublished": "2023-10-10T00:00:00.000Z",
    "dateReserved": "2023-09-29T00:00:00.000Z",
    "dateUpdated": "2025-11-04T21:08:27.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3971 (GCVE-0-2023-3971)

Vulnerability from cvelistv5 – Published: 2023-10-04 14:26 – Updated: 2025-11-20 19:51
VLAI?
Title
Controller: html injection in custom login info
Summary
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Severity ?
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CWE
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
https://access.redhat.com/errata/RHSA-2023:4340 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4590 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3971 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2226965 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:4.3.11-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:4.3.11-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
    cpe:/a:redhat:ansible_automation_platform:2.3::el9
    cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
    cpe:/a:redhat:ansible_automation_platform:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
    cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:4.4.1-1.el8ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:4.4.1-1.el9ap , < * (rpm)
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
 Create a notification for this product.
Date Public ?
2023-07-27 07:28
Credits
Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-26T19:46:29.640652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:34.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:4340",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4340"
          },
          {
            "name": "RHSA-2023:4590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4590"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
          },
          {
            "name": "RHBZ#2226965",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.3.11-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.3.11-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.1-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.1-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue."
        }
      ],
      "datePublic": "2023-07-27T07:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T19:51:46.690Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:4340",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4340"
        },
        {
          "name": "RHSA-2023:4590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4590"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
        },
        {
          "name": "RHBZ#2226965",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-18T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-27T07:28:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Controller: html injection in custom login info",
      "x_redhatCweChain": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3971",
    "datePublished": "2023-10-04T14:26:01.621Z",
    "dateReserved": "2023-07-27T07:24:40.604Z",
    "dateUpdated": "2025-11-20T19:51:46.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}