4.4
CVE-2025-7738
- EPSS 0.04%
- Veröffentlicht 31.07.2025 14:12:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap
A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAnsible
≫
Produkt
django-ansible-base
Default Statusunaffected
Version
0
Version <
2025.7.22
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default Statusaffected
Version
0:2.5.20250730-1.el8ap
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default Statusaffected
Version
0:2.5.20250730-1.el9ap
Version <
*
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.102 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 4.4 | 0.7 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.