23 matches found
EUVD-2026-26967
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-6266 Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-6266
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
EUVD-2024-33571
Malicious code in bioql PyPI...
EUVD-2025-23518
Malicious code in bioql PyPI...
EUVD-2025-5589
Malicious code in bioql PyPI...
aap-gateway: CSRF origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
CVE-2025-5988
A CVE (CVE-2025-5988) affects Ansible Automation Platform’s aap-gateway, where CSRF origin checking is not performed on requests from the gateway to external components (controller, hub, eda). The issue is documented in Red Hat’s advisory RHSA-2025:12772 and Red Hat notes that automation-gateway ...
CVE-2025-5988 Aap-gateway: csrf origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
CVE-2025-5988
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. Mitigation: Use HTTPS on the platform ingress if possible. Since this is a problem in edge-terminated...
CVE-2025-5988 Aap-gateway: csrf origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
CVE-2025-1801
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
CVE-2025-1801
Summary (CVE-2025-1801): A race-condition vulnerability in the Red Hat Ansible Automation Platform (AAP) 2.5 gateway’s aap-gateway GRPC service could let a less-privileged user obtain a greater-privileged user’s JWT, risking session data and server integrity. CVSS v3.1 base score 8.1 (HIGH) with ...
CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
aap-gateway: aap-gateway privilege escalation
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
aap-gateway: XSS on aap-gateway
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions a...
CVE-2024-10033
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions a...
CVE-2024-10033
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions a...
CVE-2024-10033
CVE-2024-10033 is an XSS vulnerability in the aap-gateway component of Red Hat Ansible Automation Platform (automation-gateway). The associated Red Hat advisory RHSA-2024:8534 lists this issue among security fixes and notes an upgrade path for the platform (automation-gateway updated to 2.5.3). T...