A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T16:28:38.094Z
Updated: 2024-06-12T19:57:40.768Z
Reserved: 2024-02-20T09:47:30.627Z
Link: CVE-2024-1657
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-25T17:15:48.013
Modified: 2024-04-25T17:24:59.967
Link: CVE-2024-1657
JSON object: View
Redhat Information
No data.
CWE