5.3
CVE-2025-5988
- EPSS 0.03%
- Veröffentlicht 04.08.2025 15:16:43
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Aap-gateway: csrf origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://gitlab.cee.redhat.com/ansible/aap-gateway/
≫
Paket
automation-gateway-server
Default Statusunaffected
Version
0
Version <
2.5.20250730
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version
0:2.5.20250730-2.el8ap
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version
0:2.5.20250730-2.el9ap
Version <
*
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.077 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.