6.5

CVE-2025-2877

Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/ansible/ansible-rulebook
Paket ansible-rulebook
Default Statusunaffected
Version 0
Version < 1.1.6
Status affected
HerstellerRed Hat
Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 8
Default Statusaffected
Version 0:1.0.8-2.el8ap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 9
Default Statusaffected
Version 0:1.0.8-2.el9ap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version 0:1.1.4-2.el8ap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version 0:1.1.4-2.el9ap
Version < *
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.475
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-1295 Debug Messages Revealing Unnecessary Information

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.