A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. |
Title | Event-Driven Automation in Ansible Automation Platform (AAP): Ansible Event-Driven Automation (EDA) lacks encryption | Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption |
First Time appeared |
Redhat
Redhat ansible Automation Platform |
|
CPEs | cpe:/a:redhat:ansible_automation_platform:2 | |
Vendors & Products |
Redhat
Redhat ansible Automation Platform |
|
References |
|
Tue, 08 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | Event-Driven Automation in Ansible Automation Platform (AAP): Ansible Event-Driven Automation (EDA) lacks encryption | |
Weaknesses | CWE-319 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-08T16:25:39.944Z
Updated: 2024-11-26T13:35:32.879Z
Reserved: 2024-10-08T00:58:15.815Z
Link: CVE-2024-9620
Vulnrichment
Updated: 2024-10-08T17:43:02.650Z
NVD
Status : Awaiting Analysis
Published: 2024-10-08T17:15:57.357
Modified: 2024-10-10T12:56:30.817
Link: CVE-2024-9620
Redhat