A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00046}

epss

{'score': 0.00051}


Wed, 26 Mar 2025 04:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Wed, 30 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ansible Developer
Redhat ansible Inside
Redhat enterprise Linux
CPEs cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Redhat ansible Developer
Redhat ansible Inside
Redhat enterprise Linux

Wed, 30 Oct 2024 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ansible Automation Platform Developer
Redhat ansible Automation Platform Inside
CPEs cpe:/a:redhat:ansible_automation_platform:2 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Vendors & Products Redhat ansible Automation Platform Developer
Redhat ansible Automation Platform Inside
References

Tue, 29 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:ansible_automation_platform:2.5::el8
cpe:/a:redhat:ansible_automation_platform:2.5::el9

Thu, 17 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 16 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
Title Aap-gateway: xss on aap-gateway
First Time appeared Redhat
Redhat ansible Automation Platform
Weaknesses CWE-79
CPEs cpe:/a:redhat:ansible_automation_platform:2
Vendors & Products Redhat
Redhat ansible Automation Platform
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T09:14:37.471Z

Reserved: 2024-10-16T13:48:55.226Z

Link: CVE-2024-10033

cve-icon Vulnrichment

Updated: 2024-10-16T17:56:45.719Z

cve-icon NVD

Status : Modified

Published: 2024-10-16T17:15:13.267

Modified: 2025-03-26T05:15:39.593

Link: CVE-2024-10033

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-16T00:00:00Z

Links: CVE-2024-10033 - Bugzilla

cve-icon OpenCVE Enrichment

No data.