6.7
CVE-2025-9907
- EPSS 0.01%
- Veröffentlicht 27.02.2026 07:29:06
- Zuletzt bearbeitet 26.03.2026 16:56:31
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Automation Platform Version < 2.6
Redhat ≫ Ansible Developer Version1.2
Redhat ≫ Ansible Developer Version1.3
Redhat ≫ Ansible Inside Version1.3
Redhat ≫ Ansible Inside Version1.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.002 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.