A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T16:28:38.094Z
Updated: 2024-11-24T12:57:05.283Z
Reserved: 2024-02-20T09:47:30.627Z
Link: CVE-2024-1657
Vulnrichment
Updated: 2024-08-01T18:48:21.570Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T17:15:48.013
Modified: 2024-11-21T08:51:01.173
Link: CVE-2024-1657
Redhat