CVE-2024-10033
PUBLISHED
CVSS 6.1 MEDIUM
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" parameter in a URL, which can lead to redirection, injection of malicious script, and theft of sessions and data.
EPSS 1.10% · 78.4th percentile
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
1.10%
78.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | ansible_automation_platform | 2.5, 2.5 |
| redhat | ansible_developer | 1.2, 1.2 |
| redhat | ansible_inside | 1.3, 1.3 |
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 | 0:2.5.3-1.el9ap, 0:2.5.3-1.el9ap |
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | 0:2.5.3-1.el8ap, 0:2.5.3-1.el8ap |
Exploit Intelligence
- CIRCL seen: CVE-2024-10033 (circl-sighting)
- RHSA-2024:8534 (circl)
- https://access.redhat.com/security/cve/CVE-2024-10033 (circl)
- RHBZ#2319162 (circl)
- Weaponized CVE-2024-10033 in Nuclei (cve.org)
Timeline
- Jan 20, 1970 Nuclei Template
- Jan 20, 1970 Fix Commit
- Oct 16, 2024 CVE Published
- Oct 17, 2024 EPSS Score
- Oct 17, 2024 Coalition ESS Score
- Oct 18, 2024 Coalition ESS Score
- Oct 30, 2024 Coalition ESS Score
- Nov 5, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
References
- RHSA-2024:8534 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-10033 vdb
- RHBZ#2319162 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-10033 advisory