A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.
History
Mon, 04 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat ansible Automation Platform Developer | |
CPEs | cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 | |
Vendors & Products | Redhat ansible Automation Platform Developer | |
References | | |
Thu, 31 Jul 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Thu, 31 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse. |
Title | python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP | Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap |
First Time appeared | Redhat, Redhat ansible Automation Platform | |
CPEs | cpe:/a:redhat:ansible_automation_platform:2 | |
Vendors & Products | Redhat, Redhat ansible Automation Platform | |
References | | |
Thu, 17 Jul 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP | |
Weaknesses | CWE-312 | |
References | | |
Metrics | threat_severity, cvssV3_1 | |

Status: PUBLISHED
Assigner: redhat
Published: 2025-07-31T14:12:02.648Z
Updated: 2025-08-04T21:21:01.719Z
Reserved: 2025-07-17T05:09:57.113Z
Link: CVE-2025-7738

Updated: 2025-07-31T14:17:09.481Z

Status : Awaiting Analysis
Published: 2025-07-31T14:15:35.177
Modified: 2025-08-04T22:15:28.823
Link: CVE-2025-7738
