Описание
No description is available for this CVE.
Отчет
This issue is classified as Moderate because the exposure of sensitive internal headers, including X-Trusted-Proxy and X-Envoy-* values, can lead to privilege escalation, request spoofing, and unauthorized access to internal infrastructure details. Exploitation requires low-complexity conditions and local access—any user with an EDA credential or shared access to a job template and event stream can capture these headers once an event is sent. The persistence of captured headers further increases risk, as sensitive values remain accessible to the attacker until explicitly cleared.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | event-driven-ansible | Affected |
Показывать по
Дополнительная информация
Статус:
6.7 Medium
CVSS3
6.7 Medium
CVSS3