Red Hat Ansible Automation Platform Websocket information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Red Hat Ansible Automation Platform. The impacted element is an unknown function of the component Websocket Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-1657. No exploit exists. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Red Hat Ansible Automation Platform (Automation Software) (version now known) and classified as problematic. This issue affects some unknown processing of the component Websocket Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
The weakness was disclosed 02/29/2024. The advisory is shared at bugzilla.redhat.com. The identification of this vulnerability is CVE-2024-1657 since 02/20/2024. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2024-0522). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Red Hat Ansible Automation Platform
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Fedora Linux
- Gentoo Linux
- IBM MQ
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.redhat.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.8VulDB Meta Temp Score: 5.7
VulDB Base Score: 3.5
VulDB Temp Score: 3.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 8.1
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
02/20/2024 🔍02/29/2024 🔍
02/29/2024 🔍
02/26/2026 🔍
Sources
Vendor: redhat.comAdvisory: bugzilla.redhat.com
Status: Confirmed
CVE: CVE-2024-1657 (🔍)
GCVE (CVE): GCVE-0-2024-1657
GCVE (VulDB): GCVE-100-255317
CERT Bund: WID-SEC-2024-0522 - Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Entry
Created: 02/29/2024 20:59Updated: 02/26/2026 10:05
Changes: 02/29/2024 20:59 (38), 07/27/2025 07:43 (22), 02/26/2026 10:05 (13)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.