Required CVE Record Information
Description
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 8.1 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Product Status
Learn moreVersions 1 Total
Default Status: unaffected
affected
Versions 1 Total
Default Status: affected
unaffected
Versions 1 Total
Default Status: affected
unaffected
Versions 1 Total
Default Status: affected
unaffected
Versions 1 Total
Default Status: affected
unaffected
Versions 1 Total
Default Status: affected
unaffected
Versions 1 Total
Default Status: affected
unaffected
References 3 Total
- access.redhat.com: RHSA-2024:1057 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-1657 vdb-entry
- bugzilla.redhat.com: RHBZ#2265085 issue-tracking
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- access.redhat.com: RHSA-2024:1057 vendor-advisoryx_transferred
- https://access.redhat.com/security/cve/CVE-2024-1657 vdb-entryx_transferred
- bugzilla.redhat.com: RHBZ#2265085 issue-trackingx_transferred