Vulnerabilities > CVE-2024-10033 - Unspecified vulnerability in Redhat products

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2024-10-16

Updated: 2025-03-26

Summary

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Ansible Automation Platform 2.5 Redhat Ansible Developer 1.2 Redhat Ansible Inside 1.3	3
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2

References

https://access.redhat.com/errata/RHSA-2024:8534
https://access.redhat.com/security/cve/CVE-2024-10033
https://bugzilla.redhat.com/show_bug.cgi?id=2319162