Описание
No description is available for this CVE.
Отчет
This issue is classified as Moderate because the exposure of sensitive headers, including client Authorization tokens and internal infrastructure values such as X-Trusted-Proxy, can lead to credential leakage and privilege escalation only after user forced mistake and with specific configuration. Exploitation does not require complex conditions—any user with read access to the event stream can retrieve the headers once a request has been posted in test mode. Exploitation depends on either a user mistakenly sending credentials to the event stream endpoint or internal headers being injected when the wrong path is used. The persistence of captured headers further increases risk, as sensitive values remain accessible until explicitly overwritten or deleted.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | event-driven-ansible | Affected |
Показывать по
Дополнительная информация
Статус:
6.7 Medium
CVSS3
6.7 Medium
CVSS3