
    48 vulnerabilities found for ansible_automation_platform by redhat

    CVE-2025-57847 (GCVE-0-2025-57847)

    Vulnerability from nvd – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:13
    VLAI
    Title
    Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions
    Summary
    A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-57847 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2391092 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2026-04-08 13:47
    Credits
    Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T15:42:54.958669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:13:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/de-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/de-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-29-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/controller-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/de-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/de-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T13:47:09.259Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:55:00.729Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-57847"
            },
            {
              "name": "RHBZ#2391092",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-26T17:29:34.376Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T13:47:09.259Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-57847",
        "datePublished": "2026-04-08T13:55:00.729Z",
        "dateReserved": "2025-08-21T14:40:40.821Z",
        "dateUpdated": "2026-04-08T16:13:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9909 (GCVE-0-2025-9909)

    Vulnerability from nvd – Published: 2026-02-27 07:30 – Updated: 2026-02-27 18:43
    VLAI
    Title
    Aap-gateway: improper path validation in gateway allows credential exfiltration
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:21768 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21775 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9909 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392836 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.20251210-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.20251210-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:2.6.20251119-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9909",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T18:42:58.678456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T18:43:09.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.20251210-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.20251210-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.20251119-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/gateway-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/gateway-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-647",
                  "description": "Use of Non-Canonical URL Paths for Authorization Decisions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:30:00.885Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21768",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21768"
            },
            {
              "name": "RHSA-2025:21775",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21775"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9909"
            },
            {
              "name": "RHBZ#2392836",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:53:49.538Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap-gateway: improper path validation in gateway allows credential exfiltration",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9909",
        "datePublished": "2026-02-27T07:30:00.885Z",
        "dateReserved": "2025-09-03T07:57:09.461Z",
        "dateUpdated": "2026-02-27T18:43:09.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9908 (GCVE-0-2025-9908)

    Vulnerability from nvd – Published: 2026-02-27 07:29 – Updated: 2026-03-03 18:09
    VLAI
    Title
    Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9908 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392835 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-28T04:55:38.778174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T18:09:46.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:29:32.368Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19201"
            },
            {
              "name": "RHSA-2025:19221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19221"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9908"
            },
            {
              "name": "RHBZ#2392835",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392835"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:47:46.731Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9908",
        "datePublished": "2026-02-27T07:29:32.368Z",
        "dateReserved": "2025-09-03T07:53:14.097Z",
        "dateUpdated": "2026-03-03T18:09:46.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9907 (GCVE-0-2025-9907)

    Vulnerability from nvd – Published: 2026-02-27 07:29 – Updated: 2026-02-28 04:55
    VLAI
    Title
    Event-driven-ansible: event stream test mode exposes sensitive headers in AAP EDA
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability exposes sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. Possible outcomes include leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent exposure of sensitive data to all users with read access on the event stream.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9907 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392834 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-28T04:55:39.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:29:06.070Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19201"
            },
            {
              "name": "RHSA-2025:19221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19221"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9907"
            },
            {
              "name": "RHBZ#2392834",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392834"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:28:31.788Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9907",
        "datePublished": "2026-02-27T07:29:06.070Z",
        "dateReserved": "2025-09-03T07:44:22.984Z",
        "dateUpdated": "2026-02-28T04:55:39.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53862 (GCVE-0-2025-53862)

    Vulnerability from nvd – Published: 2025-07-11 12:34 – Updated: 2025-11-21 07:36
    Title
    Aap: aap-gateway: automation-hub: sensitive information disclosure
    Summary
    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-53862 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379359 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2025-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:20:24.432172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:20:29.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:54.612Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-53862"
            },
            {
              "name": "RHBZ#2379359",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379359"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T18:50:55.616Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap: aap-gateway: automation-hub: sensitive information disclosure",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, there is no mitigation available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-53862",
        "datePublished": "2025-07-11T12:34:24.020Z",
        "dateReserved": "2025-07-10T19:20:35.739Z",
        "dateUpdated": "2025-11-21T07:36:54.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53861 (GCVE-0-2025-53861)

    Vulnerability from nvd – Published: 2025-07-11 12:44 – Updated: 2025-11-21 07:36
    Title
    Aap: sensitive cookie(s) set without security flags
    Summary
    A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-53861 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379360 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2025-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:19:33.437729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:19:51.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:54.466Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-53861"
            },
            {
              "name": "RHBZ#2379360",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379360"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T18:30:50.752Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap: sensitive cookie(s) set without security flags",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, there is no mitigation available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-53861",
        "datePublished": "2025-07-11T12:44:17.837Z",
        "dateReserved": "2025-07-10T19:20:35.738Z",
        "dateUpdated": "2025-11-21T07:36:54.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10033 (GCVE-0-2024-10033)

    Vulnerability from nvd – Published: 2024-10-16 16:59 – Updated: 2025-11-20 18:11
    VLAI
    Title
    Aap-gateway: xss on aap-gateway
    Summary
    A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:8534 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-10033 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2319162 issue-tracking x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.5.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.3-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.3-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Date Public
    2024-10-16 00:00
    Credits
    This issue was discovered by Rick Elrod (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T17:37:00.293002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:56:50.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "aap-gateway",
              "versions": [
                {
                  "lessThan": "2.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.3-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.3-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Rick Elrod (Red Hat)."
            }
          ],
          "datePublic": "2024-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:11:34.539Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:8534",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8534"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-10033"
            },
            {
              "name": "RHBZ#2319162",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-16T13:44:08.666Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap-gateway: xss on aap-gateway",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-10033",
        "datePublished": "2024-10-16T16:59:43.968Z",
        "dateReserved": "2024-10-16T13:48:55.226Z",
        "dateUpdated": "2025-11-20T18:11:34.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0690 (GCVE-0-2024-0690)

    Vulnerability from nvd – Published: 2024-02-06 12:00 – Updated: 2025-11-06 21:48
    VLAI
    Title
    Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
    Summary
    An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 2.14.0 , < 2.14.4 (semver)
    Affected: 2.15.0 , < 2.15.9 (semver)
    Affected: 2.16.0 , < 2.16.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.9-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.9-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.16.3-2.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.14.14-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Date Public
    2024-01-18 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T18:30:30.103500Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:35.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:31.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0733"
              },
              {
                "name": "RHSA-2024:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2246"
              },
              {
                "name": "RHSA-2024:3043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3043"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
              },
              {
                "name": "RHBZ#2259013",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/pull/82565"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250117-0001/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.ansible.com/",
              "defaultStatus": "unaffected",
              "packageName": "ansible",
              "versions": [
                {
                  "lessThan": "2.14.4",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.15.9",
                  "status": "affected",
                  "version": "2.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.16.3",
                  "status": "affected",
                  "version": "2.16.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.9-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.9-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.3-2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.14.14-1.el9",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2024-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:48:28.724Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0733"
            },
            {
              "name": "RHSA-2024:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2246"
            },
            {
              "name": "RHSA-2024:3043",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3043"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
            },
            {
              "name": "RHBZ#2259013",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
            },
            {
              "url": "https://github.com/ansible/ansible/pull/82565"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-18T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration",
          "workarounds": [
            {
              "lang": "en",
              "value": "Explicitly setting \u0027no_log\u0027 within the playbook will prevent the output from containing potentially sensitive information."
            }
          ],
          "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0690",
        "datePublished": "2024-02-06T12:00:28.505Z",
        "dateReserved": "2024-01-18T16:03:22.626Z",
        "dateUpdated": "2025-11-06T21:48:28.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-50782 (GCVE-0-2023-50782)

    Vulnerability from nvd – Published: 2024-02-05 20:45 – Updated: 2026-03-24 11:28
    VLAI
    Title
    Python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659
    Summary
    A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-12-13 00:00
    Credits
    This issue was discovered by Hubert Kario (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
              },
              {
                "name": "RHBZ#2254432",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.couchbase.com/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50782",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-15T16:14:33.778114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:24.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/pyca/cryptography",
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "versions": [
                {
                  "lessThan": "42.0.0",
                  "status": "affected",
                  "version": "3.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python39:3.9/python-cryptography",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-cryptography",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Hubert Kario (Red Hat)."
            }
          ],
          "datePublic": "2023-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T11:28:21.353Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
            },
            {
              "name": "RHBZ#2254432",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-203: Observable Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-50782",
        "datePublished": "2024-02-05T20:45:49.705Z",
        "dateReserved": "2023-12-13T20:44:02.023Z",
        "dateUpdated": "2026-03-24T11:28:21.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5115 (GCVE-0-2023-5115)

    Vulnerability from nvd – Published: 2023-12-18 13:43 – Updated: 2025-11-20 17:29
    VLAI
    Title
    Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
    Summary
    An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:2.14.11-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:2.14.11-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:2.15.5-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:2.15.5-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Date Public
    2023-09-21 19:33

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:5701",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5701"
              },
              {
                "name": "RHSA-2023:5758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5758"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
              },
              {
                "name": "RHBZ#2233810",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.11-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.11-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.5-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.5-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-09-21T19:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "Absolute Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T17:29:54.523Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:5701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5701"
            },
            {
              "name": "RHSA-2023:5758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5758"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
            },
            {
              "name": "RHBZ#2233810",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-09-21T19:33:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
          "x_redhatCweChain": "CWE-36: Absolute Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5115",
        "datePublished": "2023-12-18T13:43:07.791Z",
        "dateReserved": "2023-09-21T19:29:27.130Z",
        "dateUpdated": "2025-11-20T17:29:54.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5764 (GCVE-0-2023-5764)

    Vulnerability from nvd – Published: 2023-12-12 22:01 – Updated: 2025-11-20 18:07
    VLAI
    Title
    Ansible: template injection
    Summary
    A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Date Public
    2023-11-02 12:57

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5764",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T03:55:28.216152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T19:39:40.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:07:31.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7773",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7773"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
              },
              {
                "name": "RHBZ#2247629",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-11-02T12:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "Improper Neutralization of Special Elements Used in a Template Engine",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:07:16.802Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7773",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7773"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
            },
            {
              "name": "RHBZ#2247629",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-02T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-11-02T12:57:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible: template injection",
          "x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5764",
        "datePublished": "2023-12-12T22:01:33.467Z",
        "dateReserved": "2023-10-25T10:27:46.601Z",
        "dateUpdated": "2025-11-20T18:07:16.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5189 (GCVE-0-2023-5189)

    Vulnerability from nvd – Published: 2023-11-14 22:57 – Updated: 2025-11-20 17:30
    VLAI
    Title
    Hub: insecure galaxy-importer tarfile extraction
    Summary
    A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:7773 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1536 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2010 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-5189 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2234387 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:0.4.18-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:0.4.18-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
        cpe:/a:redhat:satellite:6.14::el8
        cpe:/a:redhat:satellite_capsule:6.14::el8
        cpe:/a:redhat:satellite_utils:6.14::el8
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
        cpe:/a:redhat:satellite_utils:6.15::el8
        cpe:/a:redhat:satellite_capsule:6.15::el8
        cpe:/a:redhat:satellite:6.15::el8
        cpe:/a:redhat:satellite_maintenance:6.15::el8
    Date Public
    2023-09-26 05:28

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7773",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7773"
              },
              {
                "name": "RHSA-2024:1536",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1536"
              },
              {
                "name": "RHSA-2024:2010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2010"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
              },
              {
                "name": "RHBZ#2234387",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T14:15:00.429640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T14:16:10.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python3x-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_utils:6.15::el8",
                "cpe:/a:redhat:satellite_capsule:6.15::el8",
                "cpe:/a:redhat:satellite:6.15::el8",
                "cpe:/a:redhat:satellite_maintenance:6.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.15 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.19-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_utils:6.15::el8",
                "cpe:/a:redhat:satellite_capsule:6.15::el8",
                "cpe:/a:redhat:satellite:6.15::el8",
                "cpe:/a:redhat:satellite_maintenance:6.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.15 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.19-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-09-26T05:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T17:30:17.896Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7773",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7773"
            },
            {
              "name": "RHSA-2024:1536",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1536"
            },
            {
              "name": "RHSA-2024:2010",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2010"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
            },
            {
              "name": "RHBZ#2234387",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-09-26T05:28:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Hub: insecure galaxy-importer tarfile extraction",
          "x_redhatCweChain": "CWE-23: Relative Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5189",
        "datePublished": "2023-11-14T22:57:00.584Z",
        "dateReserved": "2023-09-26T05:27:24.004Z",
        "dateUpdated": "2025-11-20T17:30:17.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from nvd – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    https://netty.io/news/2023/10/10/4-1-100-Final.html
    https://www.cisa.gov/news-events/alerts/2023/10/1…
    https://www.theregister.com/2023/10/10/http2_rapi…
    https://blog.qualys.com/vulnerabilities-threat-re…
    https://news.ycombinator.com/item?id=37837043
    https://github.com/kazu-yamamoto/http2/issues/93
    https://martinthomson.github.io/h2-stream-limits/…
    https://github.com/kazu-yamamoto/http2/commit/f61…
    https://github.com/apache/httpd/blob/afcdbeebbff4…
    https://www.debian.org/security/2023/dsa-5522 vendor-advisory
    https://www.debian.org/security/2023/dsa-5521 vendor-advisory
    https://access.redhat.com/security/cve/cve-2023-44487
    https://github.com/ninenines/cowboy/issues/1615
    https://github.com/varnishcache/varnish-cache/iss…
    https://github.com/tempesta-tech/tempesta/issues/1986
    https://blog.vespa.ai/cve-2023-44487/
    https://github.com/etcd-io/etcd/issues/16740
    https://www.darkreading.com/cloud/internet-wide-z…
    https://istio.io/latest/news/security/istio-secur…
    https://github.com/junkurihara/rust-rpxy/issues/97
    https://bugzilla.suse.com/show_bug.cgi?id=1216123
    https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    https://ubuntu.com/security/CVE-2023-44487
    https://community.traefik.io/t/is-traefik-vulnera…
    https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    https://github.com/apache/httpd-site/pull/10
    https://github.com/projectcontour/contour/pull/5826
    https://github.com/linkerd/website/pull/1695/comm…
    https://github.com/line/armeria/pull/5232
    https://blog.litespeedtech.com/2023/10/11/rapid-r…
    https://security.paloaltonetworks.com/CVE-2023-44487
    https://github.com/akka/akka-http/issues/4323
    https://github.com/openresty/openresty/issues/930
    https://github.com/apache/apisix/issues/10320
    https://github.com/Azure/AKS/issues/3947
    https://github.com/Kong/kong/discussions/11741
    https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    https://www.netlify.com/blog/netlify-successfully…
    https://github.com/caddyserver/caddy/releases/tag…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
    https://arstechnica.com/security/2023/10/how-ddos…
    https://lists.w3.org/Archives/Public/ietf-http-wg…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.netapp.com/advisory/ntap-2023101…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5540 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5549 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.debian.org/security/2023/dsa-5558 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.gentoo.org/glsa/202311-09 vendor-advisory
    https://www.debian.org/security/2023/dsa-5570 vendor-advisory
    https://security.netapp.com/advisory/ntap-2024042…
    https://security.netapp.com/advisory/ntap-2024062…
    https://security.netapp.com/advisory/ntap-2024062…
    https://github.com/grpc/grpc/releases/tag/v1.59.2
    https://sec.cloudapps.cisco.com/security/center/c…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://www.vicarius.io/vsociety/posts/rapid-rese…
    http://www.openwall.com/lists/oss-security/2025/08/13/6
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4380 (GCVE-0-2023-4380)

    Vulnerability from nvd – Published: 2023-10-04 14:24 – Updated: 2025-11-20 18:27
    Title
    Platform: token exposed at importing project
    Summary
    A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4693 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-4380 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2232324 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.0.1-1.el8ap , < * (rpm); default status for all other versions: affected (package automation-eda-controller)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.0.1-1.el9ap , < * (rpm); default status for all other versions: affected (package automation-eda-controller)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Date Public
    2023-08-16 10:05

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4693",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4693"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4380"
              },
              {
                "name": "RHBZ#2232324",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-08-16T10:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:27:32.482Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4693",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4693"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4380"
            },
            {
              "name": "RHBZ#2232324",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-16T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-16T10:05:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Platform: token exposed at importing project",
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4380",
        "datePublished": "2023-10-04T14:24:35.121Z",
        "dateReserved": "2023-08-16T10:02:36.139Z",
        "dateUpdated": "2025-11-20T18:27:32.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4237 (GCVE-0-2023-4237)

    Vulnerability from nvd – Published: 2023-10-04 14:23 – Updated: 2026-02-25 18:31
    VLAI
    Title
    Platform: ec2_key module prints out the private key directly to the standard output
    Summary
    A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1.0.0-423 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9     cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1.0.0-424 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Date Public
    2023-08-08 11:15
    Credits
    Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:07:30.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHBA-2023:5653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5653"
              },
              {
                "name": "RHBA-2023:5666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2023:5666"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
              },
              {
                "name": "RHBZ#2229979",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-423",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-supported-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.0.0-424",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue."
            }
          ],
          "datePublic": "2023-08-08T11:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:31:55.136Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2023:5653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5653"
            },
            {
              "name": "RHBA-2023:5666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2023:5666"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4237"
            },
            {
              "name": "RHBZ#2229979",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-08T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-08-08T11:15:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Platform: ec2_key module prints out the private key directly to the standard output",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-4237",
        "datePublished": "2023-10-04T14:23:20.710Z",
        "dateReserved": "2023-08-08T11:15:05.990Z",
        "dateUpdated": "2026-02-25T18:31:55.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3971 (GCVE-0-2023-3971)

    Vulnerability from nvd – Published: 2023-10-04 14:26 – Updated: 2025-11-20 19:51
    VLAI
    Title
    Controller: html injection in custom login info
    Summary
    An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4340 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4590 vendor-advisory x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-3971 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2226965 issue-tracking x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:4.3.11-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:4.3.11-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:4.4.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:4.4.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Date Public
    2023-07-27 07:28
    Credits
    Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T19:46:29.640652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:34.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4340",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4340"
              },
              {
                "name": "RHSA-2023:4590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4590"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
              },
              {
                "name": "RHBZ#2226965",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.11-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.11-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue."
            }
          ],
          "datePublic": "2023-07-27T07:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:51:46.690Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4340",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4340"
            },
            {
              "name": "RHSA-2023:4590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4590"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
            },
            {
              "name": "RHBZ#2226965",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-07-27T07:28:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Controller: html injection in custom login info",
          "x_redhatCweChain": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3971",
        "datePublished": "2023-10-04T14:26:01.621Z",
        "dateReserved": "2023-07-27T07:24:40.604Z",
        "dateUpdated": "2025-11-20T19:51:46.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57847 (GCVE-0-2025-57847)

    Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 16:13
    VLAI
    Title
    Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions
    Summary
    A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-57847 vdb-entry x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2391092 issue-tracking x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2026-04-08 13:47
    Credits
    Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T15:42:54.958669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T16:13:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/de-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/de-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-29-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-24/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ansible-dev-tools-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/controller-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/de-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/de-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T13:47:09.259Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T13:55:00.729Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-57847"
            },
            {
              "name": "RHBZ#2391092",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391092"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-26T17:29:34.376Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T13:47:09.259Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-57847",
        "datePublished": "2026-04-08T13:55:00.729Z",
        "dateReserved": "2025-08-21T14:40:40.821Z",
        "dateUpdated": "2026-04-08T16:13:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9909 (GCVE-0-2025-9909)

    Vulnerability from cvelistv5 – Published: 2026-02-27 07:30 – Updated: 2026-02-27 18:43
    VLAI
    Title
    Aap-gateway: improper path validation in gateway allows credential exfiltration
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:21768 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21775 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9909 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392836 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.20251210-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.20251210-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:2.6.20251119-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9909",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T18:42:58.678456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T18:43:09.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.20251210-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.20251210-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.20251119-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/gateway-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/gateway-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-647",
                  "description": "Use of Non-Canonical URL Paths for Authorization Decisions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:30:00.885Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21768",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21768"
            },
            {
              "name": "RHSA-2025:21775",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21775"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9909"
            },
            {
              "name": "RHBZ#2392836",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:53:49.538Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap-gateway: improper path validation in gateway allows credential exfiltration",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9909",
        "datePublished": "2026-02-27T07:30:00.885Z",
        "dateReserved": "2025-09-03T07:57:09.461Z",
        "dateUpdated": "2026-02-27T18:43:09.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9908 (GCVE-0-2025-9908)

    Vulnerability from cvelistv5 – Published: 2026-02-27 07:29 – Updated: 2026-03-03 18:09
    VLAI
    Title
    Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9908 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392835 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-28T04:55:38.778174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-03T18:09:46.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:29:32.368Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19201"
            },
            {
              "name": "RHSA-2025:19221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19221"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9908"
            },
            {
              "name": "RHBZ#2392835",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392835"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:47:46.731Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9908",
        "datePublished": "2026-02-27T07:29:32.368Z",
        "dateReserved": "2025-09-03T07:53:14.097Z",
        "dateUpdated": "2026-03-03T18:09:46.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9907 (GCVE-0-2025-9907)

    Vulnerability from cvelistv5 – Published: 2026-02-27 07:29 – Updated: 2026-02-28 04:55
    Title
    Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
    Summary
    A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:19201 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19221 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23069 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:23131 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-9907 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2392834 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.1.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.2-1.1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.1.4-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.1.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.10.10-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.13.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.2.26-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.1.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.36-2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:23.0.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:1.6.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:9.0.1-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:3.8.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.2.15-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:0.4.2-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:25.12.0-1.2.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:4.15.0-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.1.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.2-1.1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.1.4-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.1.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.10.10-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.13.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.2.26-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.1.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.36-2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:23.0.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:1.6.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:9.0.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:3.8.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.2.15-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:0.4.2-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:25.12.0-1.2.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:4.15.0-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 for RHEL 9 Unaffected: 0:1.2.1-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Red Hat Red Hat Ansible Automation Platform 2.5 Unaffected: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.6 Unaffected: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.6::el9
    Date Public
    2025-09-17 23:59
    Credits
    This issue was discovered by Elijah DeLee (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-28T04:55:39.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-builder",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-creator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-environment",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.2-1.1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-dev-tools",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-lint",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-navigator",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-sign",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.4-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "bindep",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.13.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "molecule",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ansible-compat",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-distlib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-django",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.26-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-execnet",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.36-2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-galaxy-ng",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.10.10-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-gunicorn",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:23.0.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pluggy",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.0.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-pytest-xdist",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-ruamel-yaml-clib",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.2.15-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-subprocess-tee",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.2-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-tox-ansible",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:25.12.0-1.2.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python3.11-typing-extensions",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.15.0-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/eda-controller-rhel8",
              "product": "Red Hat Ansible Automation Platform 2.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-26/eda-controller-rhel9",
              "product": "Red Hat Ansible Automation Platform 2.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Elijah DeLee (Red Hat)."
            }
          ],
          "datePublic": "2025-09-17T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:29:06.070Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:19201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19201"
            },
            {
              "name": "RHSA-2025:19221",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:19221"
            },
            {
              "name": "RHSA-2025:23069",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23069"
            },
            {
              "name": "RHSA-2025:23131",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23131"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9907"
            },
            {
              "name": "RHBZ#2392834",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392834"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T07:28:31.788Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-17T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9907",
        "datePublished": "2026-02-27T07:29:06.070Z",
        "dateReserved": "2025-09-03T07:44:22.984Z",
        "dateUpdated": "2026-02-28T04:55:39.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53861 (GCVE-0-2025-53861)

    Vulnerability from cvelistv5 – Published: 2025-07-11 12:44 – Updated: 2025-11-21 07:36
    VLAI
    Title
    Aap: sensitive cookie(s) set without security flags
    Summary
    A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-53861 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379360 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2025-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:19:33.437729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:19:51.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:54.466Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-53861"
            },
            {
              "name": "RHBZ#2379360",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379360"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T18:30:50.752Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap: sensitive cookie(s) set without security flags",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, there is no mitigation available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-53861",
        "datePublished": "2025-07-11T12:44:17.837Z",
        "dateReserved": "2025-07-10T19:20:35.738Z",
        "dateUpdated": "2025-11-21T07:36:54.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53862 (GCVE-0-2025-53862)

    Vulnerability from cvelistv5 – Published: 2025-07-11 12:34 – Updated: 2025-11-21 07:36
    VLAI
    Title
    Aap: aap-gateway: automation-hub: sensitive information disclosure
    Summary
    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-53862 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2379359 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Date Public
    2025-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:20:24.432172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:20:29.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "ansible-automation-platform-25/gateway-rhel8-operator",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "automation-hub",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:54.612Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-53862"
            },
            {
              "name": "RHBZ#2379359",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379359"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-10T18:50:55.616Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap: aap-gateway: automation-hub: sensitive information disclosure",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, there is no mitigation available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-53862",
        "datePublished": "2025-07-11T12:34:24.020Z",
        "dateReserved": "2025-07-10T19:20:35.739Z",
        "dateUpdated": "2025-11-21T07:36:54.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10033 (GCVE-0-2024-10033)

    Vulnerability from cvelistv5 – Published: 2024-10-16 16:59 – Updated: 2025-11-20 18:11
    VLAI
    Title
    Aap-gateway: xss on aap-gateway
    Summary
    A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:8534 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-10033 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2319162 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.5.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 0:2.5.3-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 0:2.5.3-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Date Public
    2024-10-16 00:00
    Credits
    This issue was discovered by Rick Elrod (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T17:37:00.293002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:56:50.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "aap-gateway",
              "versions": [
                {
                  "lessThan": "2.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.3-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-gateway",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.3-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Rick Elrod (Red Hat)."
            }
          ],
          "datePublic": "2024-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:11:34.539Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:8534",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8534"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-10033"
            },
            {
              "name": "RHBZ#2319162",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-16T13:44:08.666Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Aap-gateway: xss on aap-gateway",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-10033",
        "datePublished": "2024-10-16T16:59:43.968Z",
        "dateReserved": "2024-10-16T13:48:55.226Z",
        "dateUpdated": "2025-11-20T18:11:34.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0690 (GCVE-0-2024-0690)

    Vulnerability from cvelistv5 – Published: 2024-02-06 12:00 – Updated: 2025-11-06 21:48
    VLAI
    Title
    Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
    Summary
    An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output of certain tasks, such as loop items. Depending on the task, the output may include sensitive information, such as decrypted secret values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 2.14.0 , < 2.14.4 (semver)
    Affected: 2.15.0 , < 2.15.9 (semver)
    Affected: 2.16.0 , < 2.16.3 (semver)
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.9-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.9-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.16.3-2.el8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.14.14-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Date Public
    2024-01-18 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T18:30:30.103500Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:35.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:31.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0733"
              },
              {
                "name": "RHSA-2024:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2246"
              },
              {
                "name": "RHSA-2024:3043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3043"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
              },
              {
                "name": "RHBZ#2259013",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ansible/ansible/pull/82565"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250117-0001/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.ansible.com/",
              "defaultStatus": "unaffected",
              "packageName": "ansible",
              "versions": [
                {
                  "lessThan": "2.14.4",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.15.9",
                  "status": "affected",
                  "version": "2.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.16.3",
                  "status": "affected",
                  "version": "2.16.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.9-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.9-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.3-2.el8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.14.14-1.el9",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2024-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T21:48:28.724Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0733"
            },
            {
              "name": "RHSA-2024:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2246"
            },
            {
              "name": "RHSA-2024:3043",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3043"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-0690"
            },
            {
              "name": "RHBZ#2259013",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
            },
            {
              "url": "https://github.com/ansible/ansible/pull/82565"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-01-18T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration",
          "workarounds": [
            {
              "lang": "en",
              "value": "Explicitly setting \u0027no_log\u0027 within the playbook will prevent the output from containing potentially sensitive information."
            }
          ],
          "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-0690",
        "datePublished": "2024-02-06T12:00:28.505Z",
        "dateReserved": "2024-01-18T16:03:22.626Z",
        "dateUpdated": "2025-11-06T21:48:28.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-50782 (GCVE-0-2023-50782)

    Vulnerability from cvelistv5 – Published: 2024-02-05 20:45 – Updated: 2026-03-24 11:28
    VLAI
    Title
    Python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659
    Summary
    A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-12-13 00:00
    Credits
    This issue was discovered by Hubert Kario (Red Hat).

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.327Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
              },
              {
                "name": "RHBZ#2254432",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.couchbase.com/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50782",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-15T16:14:33.778114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:24.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/pyca/cryptography",
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "versions": [
                {
                  "lessThan": "42.0.0",
                  "status": "affected",
                  "version": "3.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python39:3.9/python-cryptography",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "python-cryptography",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-cryptography",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Hubert Kario (Red Hat)."
            }
          ],
          "datePublic": "2023-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T11:28:21.353Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
            },
            {
              "name": "RHBZ#2254432",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-203: Observable Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-50782",
        "datePublished": "2024-02-05T20:45:49.705Z",
        "dateReserved": "2023-12-13T20:44:02.023Z",
        "dateUpdated": "2026-03-24T11:28:21.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5115 (GCVE-0-2023-5115)

    Vulnerability from cvelistv5 – Published: 2023-12-18 13:43 – Updated: 2025-11-20 17:29
    VLAI
    Title
    Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
    Summary
    An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
    CWE
    • CWE-36 - Absolute Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:2.14.11-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:2.14.11-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:2.15.5-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:2.15.5-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 1.2     cpe:/a:redhat:ansible_automation_platform
    Date Public
    2023-09-21 19:33

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:5701",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5701"
              },
              {
                "name": "RHSA-2023:5758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5758"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
              },
              {
                "name": "RHBZ#2233810",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.11-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.11-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.5-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.15.5-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible",
              "product": "Red Hat Ansible Automation Platform 1.2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-09-21T19:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "Absolute Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T17:29:54.523Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:5701",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5701"
            },
            {
              "name": "RHSA-2023:5758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5758"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5115"
            },
            {
              "name": "RHBZ#2233810",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-09-21T19:33:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
          "x_redhatCweChain": "CWE-36: Absolute Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5115",
        "datePublished": "2023-12-18T13:43:07.791Z",
        "dateReserved": "2023-09-21T19:29:27.130Z",
        "dateUpdated": "2025-11-20T17:29:54.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5764 (GCVE-0-2023-5764)

    Vulnerability from cvelistv5 – Published: 2023-12-12 22:01 – Updated: 2025-11-20 18:07
    VLAI
    Title
    Ansible: template injection
    Summary
    A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.8-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.8-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    Date Public
    2023-11-02 12:57

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5764",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-19T03:55:28.216152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T19:39:40.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-25T13:07:31.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7773",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7773"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
              },
              {
                "name": "RHBZ#2247629",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.8-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-11-02T12:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "Improper Neutralization of Special Elements Used in a Template Engine",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T18:07:16.802Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7773",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7773"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5764"
            },
            {
              "name": "RHBZ#2247629",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-02T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-11-02T12:57:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible: template injection",
          "x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5764",
        "datePublished": "2023-12-12T22:01:33.467Z",
        "dateReserved": "2023-10-25T10:27:46.601Z",
        "dateUpdated": "2025-11-20T18:07:16.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5189 (GCVE-0-2023-5189)

    Vulnerability from cvelistv5 – Published: 2023-11-14 22:57 – Updated: 2025-11-20 17:30
    VLAI
    Title
    Hub: insecure galaxy-importer tarfile extraction
    Summary
    A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:7773 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1536 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2010 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-5189 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2234387 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:0.4.18-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:0.4.18-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:0.4.18-2.el8pc , < * (rpm)
        cpe:/a:redhat:satellite:6.14::el8
        cpe:/a:redhat:satellite_capsule:6.14::el8
        cpe:/a:redhat:satellite_utils:6.14::el8
    Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:0.4.19-2.el8pc , < * (rpm)
        cpe:/a:redhat:satellite_utils:6.15::el8
        cpe:/a:redhat:satellite_capsule:6.15::el8
        cpe:/a:redhat:satellite:6.15::el8
        cpe:/a:redhat:satellite_maintenance:6.15::el8
    Date Public
    2023-09-26 05:28

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7773",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7773"
              },
              {
                "name": "RHSA-2024:1536",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1536"
              },
              {
                "name": "RHSA-2024:2010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2010"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
              },
              {
                "name": "RHBZ#2234387",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T14:15:00.429640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T14:16:10.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python3x-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.18-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_utils:6.15::el8",
                "cpe:/a:redhat:satellite_capsule:6.15::el8",
                "cpe:/a:redhat:satellite:6.15::el8",
                "cpe:/a:redhat:satellite_maintenance:6.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.15 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.19-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_utils:6.15::el8",
                "cpe:/a:redhat:satellite_capsule:6.15::el8",
                "cpe:/a:redhat:satellite:6.15::el8",
                "cpe:/a:redhat:satellite_maintenance:6.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "python-galaxy-importer",
              "product": "Red Hat Satellite 6.15 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.4.19-2.el8pc",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2023-09-26T05:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T17:30:17.896Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7773",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7773"
            },
            {
              "name": "RHSA-2024:1536",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1536"
            },
            {
              "name": "RHSA-2024:2010",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2010"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-5189"
            },
            {
              "name": "RHBZ#2234387",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-09-26T05:28:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Hub: insecure galaxy-importer tarfile extraction",
          "x_redhatCweChain": "CWE-23: Relative Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-5189",
        "datePublished": "2023-11-14T22:57:00.584Z",
        "dateReserved": "2023-09-26T05:27:24.004Z",
        "dateUpdated": "2025-11-20T17:30:17.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    https://netty.io/news/2023/10/10/4-1-100-Final.html
    https://www.cisa.gov/news-events/alerts/2023/10/1…
    https://www.theregister.com/2023/10/10/http2_rapi…
    https://blog.qualys.com/vulnerabilities-threat-re…
    https://news.ycombinator.com/item?id=37837043
    https://github.com/kazu-yamamoto/http2/issues/93
    https://martinthomson.github.io/h2-stream-limits/…
    https://github.com/kazu-yamamoto/http2/commit/f61…
    https://github.com/apache/httpd/blob/afcdbeebbff4…
    https://www.debian.org/security/2023/dsa-5522 vendor-advisory
    https://www.debian.org/security/2023/dsa-5521 vendor-advisory
    https://access.redhat.com/security/cve/cve-2023-44487
    https://github.com/ninenines/cowboy/issues/1615
    https://github.com/varnishcache/varnish-cache/iss…
    https://github.com/tempesta-tech/tempesta/issues/1986
    https://blog.vespa.ai/cve-2023-44487/
    https://github.com/etcd-io/etcd/issues/16740
    https://www.darkreading.com/cloud/internet-wide-z…
    https://istio.io/latest/news/security/istio-secur…
    https://github.com/junkurihara/rust-rpxy/issues/97
    https://bugzilla.suse.com/show_bug.cgi?id=1216123
    https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    https://ubuntu.com/security/CVE-2023-44487
    https://community.traefik.io/t/is-traefik-vulnera…
    https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    https://github.com/apache/httpd-site/pull/10
    https://github.com/projectcontour/contour/pull/5826
    https://github.com/linkerd/website/pull/1695/comm…
    https://github.com/line/armeria/pull/5232
    https://blog.litespeedtech.com/2023/10/11/rapid-r…
    https://security.paloaltonetworks.com/CVE-2023-44487
    https://github.com/akka/akka-http/issues/4323
    https://github.com/openresty/openresty/issues/930
    https://github.com/apache/apisix/issues/10320
    https://github.com/Azure/AKS/issues/3947
    https://github.com/Kong/kong/discussions/11741
    https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    https://www.netlify.com/blog/netlify-successfully…
    https://github.com/caddyserver/caddy/releases/tag…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
    https://arstechnica.com/security/2023/10/how-ddos…
    https://lists.w3.org/Archives/Public/ietf-http-wg…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.netapp.com/advisory/ntap-2023101…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5540 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5549 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.debian.org/security/2023/dsa-5558 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.gentoo.org/glsa/202311-09 vendor-advisory
    https://www.debian.org/security/2023/dsa-5570 vendor-advisory
    https://security.netapp.com/advisory/ntap-2024042…
    https://security.netapp.com/advisory/ntap-2024062…
    https://security.netapp.com/advisory/ntap-2024062…
    https://github.com/grpc/grpc/releases/tag/v1.59.2
    https://sec.cloudapps.cisco.com/security/center/c…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory x_transferred
    https://www.vicarius.io/vsociety/posts/rapid-rese…
    http://www.openwall.com/lists/oss-security/2025/08/13/6
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3971 (GCVE-0-2023-3971)

    Vulnerability from cvelistv5 – Published: 2023-10-04 14:26 – Updated: 2025-11-20 19:51
    VLAI
    Title
    Controller: html injection in custom login info
    Summary
    An HTML injection flaw was found in the user interface settings of Controller. This flaw allows an attacker to inject HTML to create a custom login page that captures credentials, resulting in a complete compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4340 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:4590 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-3971 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2226965 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 8 Unaffected: 0:4.3.11-1.el8ap and later (< *, rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.3 for RHEL 9 Unaffected: 0:4.3.11-1.el9ap and later (< *, rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9
        cpe:/a:redhat:ansible_automation_platform:2.3::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8
        cpe:/a:redhat:ansible_automation_platform:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:4.4.1-1.el8ap and later (< *, rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:4.4.1-1.el9ap and later (< *, rpm)
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
    Date Public
    2023-07-27 07:28
    Credits
    Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T19:46:29.640652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:34.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4340",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4340"
              },
              {
                "name": "RHSA-2023:4590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4590"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
              },
              {
                "name": "RHBZ#2226965",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.11-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.11-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.1-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.1-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue."
            }
          ],
          "datePublic": "2023-07-27T07:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An HTML injection flaw was found in the user interface settings of Controller. This flaw allows an attacker to capture credentials by injecting HTML that presents a custom login page, resulting in a complete compromise."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:51:46.690Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4340",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4340"
            },
            {
              "name": "RHSA-2023:4590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4590"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3971"
            },
            {
              "name": "RHBZ#2226965",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-07-27T07:28:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Controller: HTML injection in custom login info",
          "x_redhatCweChain": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3971",
        "datePublished": "2023-10-04T14:26:01.621Z",
        "dateReserved": "2023-07-27T07:24:40.604Z",
        "dateUpdated": "2025-11-20T19:51:46.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }