Elijah Delee

**Name of the Vulnerable Software and Affected Versions** Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API (affected versions not specified) **Description** A flaw exists in the Event-Driven Ansible (EDA) Event Stream API that can lead to the exposure of sensitive client credentials and internal infrastructure headers. This exposure occurs through the `test headers` field when an event stream is in test mode. Potential consequences include the leakage of internal infrastructure details, accidental disclosure of user or system credentials, possible privilege escalation if high-value tokens are exposed, and persistent exposure of sensitive data to users with read access to the event stream. The API endpoint involved is the Event Stream API. The vulnerable parameter is `test headers`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams (affected versions not specified) **Description** A flaw exists in Event-Driven Ansible (EDA) Event Streams that allows an authenticated user to access sensitive internal infrastructure headers, such as `X-Trusted-Proxy` and `X-Envoy-*`, and event stream URLs through specially crafted requests and job templates. An attacker could potentially exploit this by exfiltrating these headers to spoof trusted requests, escalate privileges, or inject malicious events. The vulnerability involves the manipulation of requests and job templates to reveal internal information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ansible Automation Platform Gateway (affected versions not specified) **Description** A flaw exists in the route creation component of the Ansible Automation Platform Gateway. This allows for credential theft through the creation of misleading routes utilizing a double-slash (//) prefix within the `gateway path`. A malicious administrator, or one susceptible to social engineering, can configure a deceptive route to intercept and steal user credentials, potentially establishing persistent access or a backdoor, even after their permissions are removed. The vulnerability involves creating routes with a double-slash (//) prefix in the `gateway path` to intercept credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible aap-gateway (affected versions not specified) **Description** A flaw was found in the Ansible aap-gateway, where concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.