Aap-gateway: csrf origin checking is disabled

CVE Details

Basic Information

Title: Aap-gateway: csrf origin checking is disabled
Type: cve
Published: 2025-08-04T15:16:43.526Z
Modified: 2025-08-04T15:32:55.872Z

Product Information

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2

CVSS Information

Base Score: 5.3 (MEDIUM)
Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Analysis

AI Description: A vulnerability in Ansible’s aap-gateway allows cross-site request forgery (CSRF) attacks due to insufficient origin checking on requests to external components like the controller, hub, and eda. This could enable unauthorized actions on behalf of a user.
AI Severity: Medium
AI Vendor: Red Hat
AI Product: Ansible aap-gateway

Additional Information

CWE List: CWE-352
Source: redhat

Description

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
