5.3
CVE-2025-5988
- EPSS 0.25%
- Veröffentlicht 04.08.2025 15:16:43
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Aap-gateway: csrf origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://gitlab.cee.redhat.com/ansible/aap-gateway/
≫
Paket
automation-gateway-server
Default Statusunaffected
Version
0
Version <
2.5.20250730
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version
0:2.5.20250730-2.el8ap
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version
0:2.5.20250730-2.el9ap
Version <
*
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.161 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://access.redhat.com/security/cve/CVE-2025-5988
https://bugzilla.redhat.com/show_bug.cgi?id=2371644
https://access.redhat.com/errata/RHSA-2025:12772