Red Hat Ansible Automation Platform Security Vulnerability

🗓️ 29 Feb 2024 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 2 Views

Security vulnerability in Red Hat Ansible Automation Platform caused by an insecure websocket with the EDA server.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform allows a perpetrator to gain unauthorized access to protected information.	6 Mar 202400:00	–	bdu_fstec
Circl	CVE-2024-1657	29 Feb 202418:16	–	circl
CVE	CVE-2024-1657	25 Apr 202416:28	–	cve
Cvelist	CVE-2024-1657 Platform: insecure websocket used when interacting with eda server	25 Apr 202416:28	–	cvelist
EUVD	EUVD-2024-17392	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1657	25 Apr 202417:15	–	nvd
OSV	RHSA-2024:1057 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update	30 Sep 202415:56	–	osv
Positive Technologies	PT-2024-1961 · Ansible · Ansible Automation Platform	20 Feb 202400:00	–	ptsecurity
Tenable Nessus	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2024:1057)	8 Mar 202400:00	–	nessus
RedhatCVE	CVE-2024-1657	29 Feb 202417:02	–	redhatcve

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:1057
access	www.access.redhat.com/security/cve/CVE-2024-1657
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/cve-2024-1657
cxsecurity	www.cxsecurity.com/cveshow/CVE-2024-1657/

15 Jan 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.18.1

EPSS0.00058

SSVC

Red Hat Ansible Automation Insecure websocket EDA server Security vulnerability