Описание
No description is available for this CVE.
Отчет
This issue is classified as Moderate because exploitation requires the attacker to have administrative access (or successfully social engineer a legitimate admin). A malicious or tricked admin can create a deceptive route with a double-slash path that captures user credentials in cleartext, potentially allowing persistent backdoor access even after the admin’s permissions are revoked. The gateway does not normalize or validate these paths, meaning normal users cannot detect the attack through ordinary API use. Although an attacker cannot exploit this without access to route creation, the combination of privileged requirements and complete credential exposure makes this a moderate severity risk in any environment where multiple users rely on gateway authentication.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | automation-gateway | Affected |
Показывать по
Дополнительная информация
Статус:
6.7 Medium
CVSS3
6.7 Medium
CVSS3