A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.
History

Mon, 04 Aug 2025 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Redhat ansible Automation Platform Developer |
| CPEs | cpe:/a:redhat:ansible_automation_platform:2 | cpe:/a:redhat:ansible_automation_platform:2.5::el8; cpe:/a:redhat:ansible_automation_platform:2.5::el9; cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8; cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 |
| Vendors & Products | | Redhat ansible Automation Platform Developer |
| References | | |

Thu, 31 Jul 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 31 Jul 2025 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | No description is available for this CVE. | A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse. |
| Title | python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP | Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap |
| First Time appeared | | Redhat; Redhat ansible Automation Platform |
| CPEs | | cpe:/a:redhat:ansible_automation_platform:2 |
| Vendors & Products | | Redhat; Redhat ansible Automation Platform |
| References | | |

Thu, 17 Jul 2025 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | No description is available for this CVE. |
| Title | | python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP |
| Weaknesses | | CWE-312 |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N'}; threat_severity: Moderate |


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-31T14:12:02.648Z

Updated: 2025-08-04T21:21:01.719Z

Reserved: 2025-07-17T05:09:57.113Z

Link: CVE-2025-7738

Vulnrichment

Updated: 2025-07-31T14:17:09.481Z

NVD

Status: Awaiting Analysis

Published: 2025-07-31T14:15:35.177

Modified: 2025-08-04T22:15:28.823

Link: CVE-2025-7738

Redhat

Severity: Moderate

Public Date: 2025-07-17T00:00:00Z

Links: CVE-2025-7738 - Bugzilla