3.1
CVE-2025-53861
- EPSS 0.04%
- Veröffentlicht 11.07.2025 12:44:17
- Zuletzt bearbeitet 11.08.2025 19:21:12
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Aap: sensitive cookie(s) set without security flags
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Automation Platform Version2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.134 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.