CVE-2024-10033

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

30 Oct 2024, 18:50

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2024:8534 - () https://access.redhat.com/errata/RHSA-2024:8534 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-10033 - () https://access.redhat.com/security/cve/CVE-2024-10033 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2319162 - () https://bugzilla.redhat.com/show_bug.cgi?id=2319162 - Issue Tracking, Vendor Advisory
First Time Redhat
Redhat ansible Developer
Redhat ansible Automation Platform
Redhat ansible Inside
Redhat enterprise Linux
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1

30 Oct 2024, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8534 -

18 Oct 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en aap-gateway. Existe una vulnerabilidad de cross-site scripting (XSS) en el componente de puerta de enlace. Esta falla permite que un usuario malintencionado realice acciones que afectan a los usuarios mediante el uso del "?next=" en una URL, lo que puede provocar redireccionamientos, inyección de secuencias de comandos maliciosas, robo de sesiones y datos.

16 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-16 17:15

Updated : 2024-10-30 18:50


NVD link : CVE-2024-10033

Mitre link : CVE-2024-10033

CVE.ORG link : CVE-2024-10033


JSON object : View

Products Affected

redhat

  • ansible_inside
  • enterprise_linux
  • ansible_developer
  • ansible_automation_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')