A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
History

Tue, 17 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T16:28:38.094Z

Updated: 2024-11-24T12:57:05.283Z

Reserved: 2024-02-20T09:47:30.627Z

Link: CVE-2024-1657

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:21.570Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T17:15:48.013

Modified: 2024-11-21T08:51:01.173

Link: CVE-2024-1657

cve-icon Redhat

Severity : Important

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2024-1657 - Bugzilla