2319162 – (CVE-2024-10033) CVE-2024-10033 aap-gateway: XSS on aap-gateway

Bug 2319162 (CVE-2024-10033) - CVE-2024-10033 aap-gateway: XSS on aap-gateway

Summary: CVE-2024-10033 aap-gateway: XSS on aap-gateway

Keywords:
Status:	NEW
Alias:	CVE-2024-10033
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-16 13:49 UTC by OSIDB Bzimport
Modified:	2025-03-26 04:13 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:8534	0	None	None	None	2024-10-28 13:22:18 UTC

Description OSIDB Bzimport 2024-10-16 13:49:29 UTC

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. A malicious user could use it to perform actions to impact users by using the "?next=" in a URL and hence redirecting, injecting malicious script, stealing session and data.

Comment 1 errata-xmlrpc 2024-10-28 13:22:16 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2024:8534 https://access.redhat.com/errata/RHSA-2024:8534

Note You need to log in before you can comment on or make changes to this bug.

brking
davidn
haoli
hkataria
jajackso
jcammara
jmitchel
jneedle
kegrant
koliveir
kshier
mabashia
pbraun
relrod
security-response-team
shvarugh
simaishi
smcdonal
stcannon
teagle
tfister
thavo
yguenane