6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Event-Driven Ansible: event stream test mode exposes sensitive headers in AAP EDA
A flaw was found in the Event Stream API of Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA). When an event stream is in test mode, the test_headers field exposes sensitive client credentials and internal infrastructure headers. Possible outcomes include leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent exposure of sensitive data to every user with read access to the event stream.
References
- RHSA-2025:23069 (Red Hat vendor advisory)
- RHSA-2025:23131 (Red Hat vendor advisory)
- https://access.redhat.com/security/cve/CVE-2025-9907 (Red Hat CVE database entry)
- RHBZ#2392834 (Red Hat Bugzilla issue tracking)
- RHSA-2025:19201 (Red Hat vendor advisory)
- RHSA-2025:19221 (Red Hat vendor advisory)
Affected products
Matching in nixpkgs
- pkgs.molecule: Molecule aids in the development and testing of Ansible roles
- pkgs.ansible-lint: Best practices checker for Ansible
- pkgs.ansible-builder: Ansible execution environment builder
- pkgs.ansible-navigator: Text-based user interface (TUI) for Ansible
- pkgs.python312Packages.bindep: Bindep is a tool for checking the presence of binary packages needed to use an application / library
- pkgs.python313Packages.bindep: Bindep is a tool for checking the presence of binary packages needed to use an application / library
- pkgs.python314Packages.bindep: Bindep is a tool for checking the presence of binary packages needed to use an application / library
- pkgs.python312Packages.molecule: Molecule aids in the development and testing of Ansible roles
- pkgs.python313Packages.molecule: Molecule aids in the development and testing of Ansible roles
- pkgs.python314Packages.molecule: Aids in the development and testing of Ansible roles
- pkgs.python312Packages.ansible-builder: Ansible execution environment builder
- pkgs.python313Packages.ansible-builder: Ansible execution environment builder
- pkgs.python314Packages.ansible-builder: Ansible execution environment builder
- pkgs.python312Packages.molecule-plugins: Collection of molecule plugins
- pkgs.python313Packages.molecule-plugins: Collection of molecule plugins
- pkgs.python314Packages.molecule-plugins: Collection of molecule plugins
Package maintainers
- @Melkor333 Samuel Ruprecht <samuel@ton-kunst.ch>
- @sengaya Thilo Uttendorfer <tlo@sengaya.de>
- @HarisDotParis Haris <git@haris.paris>
- @robsliwi Robert Sliwinski <r@sliwi.org>
- @dawidd6 Dawid Dziurla <dawidd0811@gmail.com>
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>
- @vinetos vinetos <contact+git@vinetos.fr>
- @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>