Multiple vulnerabilities in Red Hat Ansible Automation Platform 2.4 for RHEL 9

1) Error Handling

EUVDB-ID: #VU72036

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-23931

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows an attacker to misuse Python API.

The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ansible Automation Platform: 2.4

python3x-rsa (Red Hat package): before 4.7.2-1.el8ap

python3x-requests (Red Hat package): before 2.31.0-1.el8ap

python3x-django (Red Hat package): before 3.2.20-1.el8ap

python3x-cryptography (Red Hat package): before 38.0.4-2.el8ap

python-rsa (Red Hat package): before 4.7.2-1.el9ap

python-requests (Red Hat package): before 2.31.0-1.el9ap

python-django (Red Hat package): before 3.2.20-1.el9ap

python-cryptography (Red Hat package): before 38.0.4-2.el9ap

automation-eda-controller (Red Hat package): before 1.0.1-1.el8ap

CPE2.3

• cpe:2.3:a:red_hat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:python3x-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:automation-eda-controller_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2023:4693

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU77164

Risk: Medium

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-32681

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ansible Automation Platform: 2.4

python3x-rsa (Red Hat package): before 4.7.2-1.el8ap

python3x-requests (Red Hat package): before 2.31.0-1.el8ap

python3x-django (Red Hat package): before 3.2.20-1.el8ap

python3x-cryptography (Red Hat package): before 38.0.4-2.el8ap

python-rsa (Red Hat package): before 4.7.2-1.el9ap

python-requests (Red Hat package): before 2.31.0-1.el9ap

python-django (Red Hat package): before 3.2.20-1.el9ap

python-cryptography (Red Hat package): before 38.0.4-2.el9ap

automation-eda-controller (Red Hat package): before 1.0.1-1.el8ap

CPE2.3

• cpe:2.3:a:red_hat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:python3x-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:automation-eda-controller_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2023:4693

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Inefficient regular expression complexity

EUVDB-ID: #VU77880

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-36053

CWE-ID: CWE-1333 - Inefficient Regular Expression Complexity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions within EmailValidator and URLValidator. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ansible Automation Platform: 2.4

python3x-rsa (Red Hat package): before 4.7.2-1.el8ap

python3x-requests (Red Hat package): before 2.31.0-1.el8ap

python3x-django (Red Hat package): before 3.2.20-1.el8ap

python3x-cryptography (Red Hat package): before 38.0.4-2.el8ap

python-rsa (Red Hat package): before 4.7.2-1.el9ap

python-requests (Red Hat package): before 2.31.0-1.el9ap

python-django (Red Hat package): before 3.2.20-1.el9ap

python-cryptography (Red Hat package): before 38.0.4-2.el9ap

automation-eda-controller (Red Hat package): before 1.0.1-1.el8ap

CPE2.3

• cpe:2.3:a:red_hat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:python3x-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:automation-eda-controller_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2023:4693

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU79815

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4380

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in automation-eda-controller, which exposes token during project import. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ansible Automation Platform: 2.4

python3x-rsa (Red Hat package): before 4.7.2-1.el8ap

python3x-requests (Red Hat package): before 2.31.0-1.el8ap

python3x-django (Red Hat package): before 3.2.20-1.el8ap

python3x-cryptography (Red Hat package): before 38.0.4-2.el8ap

python-rsa (Red Hat package): before 4.7.2-1.el9ap

python-requests (Red Hat package): before 2.31.0-1.el9ap

python-django (Red Hat package): before 3.2.20-1.el9ap

python-cryptography (Red Hat package): before 38.0.4-2.el9ap

automation-eda-controller (Red Hat package): before 1.0.1-1.el8ap

CPE2.3

• cpe:2.3:a:red_hat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:python3x-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python3x-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-rsa_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-requests_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-django_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:python-cryptography_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:automation-eda-controller_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2023:4693

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.