A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
History

Tue, 08 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 16:45:00 +0000

Type Values Removed Values Added
Description
  Removed: No description is available for this CVE.
  Added: A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
Title
  Removed: Event-Driven Automation in Ansible Automation Platform (AAP): Ansible Event-Driven Automation (EDA) lacks encryption
  Added: Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2
Vendors & Products Redhat
Redhat ansible Automation Platform
References

Tue, 08 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title Event-Driven Automation in Ansible Automation Platform (AAP): Ansible Event-Driven Automation (EDA) lacks encryption
Weaknesses CWE-319
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

threat_severity

Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-08T16:25:39.944Z

Updated: 2024-11-26T13:35:32.879Z

Reserved: 2024-10-08T00:58:15.815Z

Link: CVE-2024-9620

Vulnrichment

Updated: 2024-10-08T17:43:02.650Z

NVD

Status: Awaiting Analysis

Published: 2024-10-08T17:15:57.357

Modified: 2024-10-10T12:56:30.817

Link: CVE-2024-9620

Redhat

Severity: Moderate

Public Date: 2024-10-08T00:00:00Z

Links: CVE-2024-9620 - Bugzilla