Lucene search

16 matches found

Cvelist
added 2026/02/27 7:30 a.m., 24 views

CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

6.7 CVSS, 0.00167 EPSS
Exploits: 0, References: 6
SUSE CVE
added 2026/01/06 12:28 a.m., 5 views

SUSE CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 6.8 AI score, 0.00215 EPSS
Exploits: 0, References: 2
GitHub Security Blog
added 2025/12/15 6:30 p.m., 7 views

Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 6.7 AI score, 0.00215 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/12/15 5:15 p.m., 3 views

CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 0.00215 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2025/12/15 5:3 p.m., 2 views

CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 7.2 AI score, 0.00215 EPSS
Exploits: 0, References: 4
EUVD
added 2025/12/15 5:3 p.m., 4 views

EUVD-2025-203395

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 6.2 AI score, 0.00215 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/12/15 5:3 p.m., 3 views

CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7 CVSS, 6.6 AI score, 0.00215 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 4 views

PT-2025-51254

Name of the Vulnerable Software and Affected Versions: runtimes-inventory-rhel8-operator (affected versions not specified). Description: A configuration issue exists in an internal proxy component of runtimes-inventory-rhel8-operator. The proxy incorrectly attaches the cluster’s administrative...

8.7 CVSS, 6.7 AI score, 0.00215 EPSS
Exploits: 0, References: 10
SUSE CVE
added 2023/02/15 3:49 a.m., 2 views

SUSE CVE-2021-3447

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5 CVSS, 8.9 AI score, 0.00333 EPSS
Exploits: 0, References: 7
OSV
added 2021/03/18 8:15 p.m., 1 views

CVE-2019-14852

A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue...

7.5 CVSS, 5.7 AI score, 0.00433 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/01/28 12:0 a.m., 3 views

Red Hat Mobile Application Platform Input Validation Error Vulnerability

Red Hat Mobile Application Platform is a mobile application development platform from Red Hat, Inc. The application orchestrates large-scale mobile application development plus supports everything from pre-packaged, no-code mobile solutions to fully customized solutions to mobile-integrated...

6.1 CVSS, 6.2 AI score, 0.01 EPSS
Exploits: 0, References: 3
OSV
added 2019/12/30 8:15 p.m., 5 views

DEBIAN-CVE-2012-5474

The file /etc/openstack-dashboard/localsettings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release python-django-horizon package before 2012.1.1 is world readable and exposes the secret key value...

5.5 CVSS, 5.7 AI score, 0.00338 EPSS
Exploits: 1, References: 1
OSV
added 2019/03/26 6:29 p.m., 1 views

UBUNTU-CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5 CVSS, 6.8 AI score, 0.00878 EPSS
Exploits: 0, References: 3
Broadcom
added 2017/05/17 12:0 a.m., 7 views

BSA-2017-280

Security Advisory ID: BSA-2017-280. Component: JBOSS. Revision: 1.0: Interim. The Web Console in Red Hat Enterprise Application Platform EAP before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header...

5 CVSS, 6.8 AI score, 0.02978 EPSS
Exploits: 0
CNVD
added 2015/10/30 12:0 a.m., 3 views

Red Hat Enterprise Application Platform Cross-Site Request Forgery Vulnerability

Red Hat Enterprise Application Platform is an open source, J2EE-based middleware platform from Red Hat, Inc. (United States), mainly used to build, deploy and host Java applications and services. A cross-site request forgery vulnerability exists in Red Hat Enterprise...

6.8 CVSS, 9.4 AI score, 0.01138 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2015/04/16 3:39 p.m., 3 views

CLI: Insecure default permissions on history file

It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not...

2.1 CVSS, 7.1 AI score, 0.00372 EPSS
Exploits: 0, References: 4