CVE-2024-10033 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-10033 PUBLISHED CVSS 6.099999904632568 MEDIUM

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.

EPSS 0.84% · 74.7th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.84%

74.7th percentile

Affected Products

Vendor	Product	Versions
redhat	ansible_automation_platform	2.5
redhat	ansible_developer	1.2
redhat	ansible_inside	1.3
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:2.5.3-1.el9ap
		0
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:2.5.3-1.el8ap

Timeline

Jan 20, 1970 Nuclei Template
Jan 20, 1970 Fix Commit
Oct 16, 2024 CVE Published
Oct 17, 2024 EPSS Score
Oct 17, 2024 Coalition ESS Score
Oct 18, 2024 Coalition ESS Score
Oct 30, 2024 Coalition ESS Score
Oct 30, 2024 Coalition ESS Score
Nov 4, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 11, 2024 EPSS Score
Dec 29, 2024 EPSS Score

References

RHSA-2024:8534 vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-10033 vdb
RHBZ#2319162 issue
https://nvd.nist.gov/vuln/detail/CVE-2024-10033 advisory

Open in Interactive Console →