5.3

CVE-2024-9620

EPSS 0.07%
Veröffentlicht 08.10.2024 17:15:57
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption

A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ansible/ansible

≫

Paket event-driven-automation

Default Statusaffected

Version 0

Version < 2.4

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://access.redhat.com/security/cve/CVE-2024-9620

https://bugzilla.redhat.com/show_bug.cgi?id=2317129

https://nvd.nist.gov/vuln/detail/CVE-2024-9620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9620

EUVD