8.1
CVE-2025-1801
- EPSS 0.05%
- Veröffentlicht 03.03.2025 15:15:16
- Zuletzt bearbeitet 03.03.2025 15:15:16
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://ansible.com
≫
Paket
automation-gateway
Default Statusunaffected
Version <
2.5.20250305-1
Version
2.5.0
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version <
*
Version
0:2.5.20250305-1.el8ap
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version <
*
Version
0:2.5.20250305-1.el9ap
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.153 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.