CVE-2024-1657

high

Description

A flaw was found in the Ansible Automation Platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker who has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2265085

https://access.redhat.com/security/cve/CVE-2024-1657

https://access.redhat.com/errata/RHSA-2024:1057

Details

Source: Mitre, NVD

Published: 2024-04-25

Updated: 2024-04-25

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High