Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-9908

Опубликовано: 17 сент. 2025
Источник: redhat
CVSS3: 6.7

Описание

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.

Отчет

This issue is classified as Moderate because the exposure of sensitive internal headers, including X-Trusted-Proxy and X-Envoy-* values, can lead to privilege escalation, request spoofing, and unauthorized access to internal infrastructure details. Exploitation requires low-complexity conditions and local access—any user with an EDA credential or shared access to a job template and event stream can capture these headers once an event is sent. The persistence of captured headers further increases risk, as sensitive values remain accessible to the attacker until explicitly cleared.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2392835event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams

6.7 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-9908

CVSS3: 6.7
nvd
около 1 месяца назад

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.

github логотип

GHSA-c2g3-cfch-p5h4

CVSS3: 6.7
github
около 1 месяца назад

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.

6.7 Medium

CVSS3