Red Hat Ansible Automation Platform aap-gateway Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the aap-gateway component of Red Hat Ansible Automation Platform. The flaw is a race condition in the gateway's gRPC service: requests handled concurrently can interfere with one another, so the response to one request may carry authentication state belonging to another. As a result, a less privileged user, including an unauthenticated one, may obtain the JSON Web Token (JWT) of a more privileged user and act under that identity, potentially compromising the platform. The vulnerability affects all Ansible Automation Platform 2.5 deployments, with the exception of Ansible Automation Platform on Microsoft Azure and the Ansible Automation Platform Service on AWS, both of which Red Hat has already patched.

Impact

Exploitation of this vulnerability lets a less privileged user obtain the JWT of a more privileged user. Because the gateway JWT is a bearer credential, whoever holds it can call the platform APIs as that user for as long as the token remains valid; if the victim is an administrator, this amounts to administrative control of the platform.

Remediation

Users should upgrade to the latest version of Red Hat Ansible Automation Platform 2.5. For deployments on RHEL 9 or RHEL 8, the update is available through Red Hat Product Errata RHSA-2025:1954. Upgrading alone does not undo access gained before the fix: an attacker who obtained a JWT could have used it to create long-lived OAuth tokens in the individual components, and those tokens remain valid after the gateway is patched. It is therefore recommended to revoke all existing OAuth tokens in the components (hub, controller, EDA) after updating.
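The token-revocation step above, as an added example that is not Red Hat's code. It assumes the automation controller REST API shape used by AWX (GET /api/v2/tokens/ returns a paginated list with "next" and "results"; DELETE /api/v2/tokens/<id>/ revokes one token); under the 2.5 gateway that path is typically proxied as /api/controller/v2/tokens/, so adjust TOKENS_PATH to match your deployment. The base URL and admin credential are placeholders, and hub and EDA have their own token endpoints that this script does not touch.

```python
"""Revoke every controller OAuth2 token after patching the gateway.

Added example for this advisory, not Red Hat's code. Assumed API shape:
GET  /api/v2/tokens/        -> {"next": <url or null>, "results": [{"id": N, ...}]}
DELETE /api/v2/tokens/<id>/ -> 204 on success
BASE_URL, TOKENS_PATH and the admin credential are placeholders.
"""
import base64
import json
import urllib.error
import urllib.request
from typing import Callable, Iterator
from urllib.parse import urljoin

# Transport(method, url) -> (http_status, body_bytes). Injected so the
# revocation logic can be exercised offline against a fake.
Transport = Callable[[str, str], tuple[int, bytes]]

# Classic controller path; behind the 2.5 gateway it is usually
# /api/controller/v2/tokens/ (assumption; check your deployment).
TOKENS_PATH = "/api/v2/tokens/"


def basic_auth_transport(username: str, password: str) -> Transport:
    """Real transport: HTTP basic auth over urllib, using an admin account.

    Basic auth is used deliberately: if the cleanup itself authenticated
    with an OAuth token, that token would be deleted mid-run.
    """
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()

    def send(method: str, url: str) -> tuple[int, bytes]:
        req = urllib.request.Request(url, method=method)
        req.add_header("Authorization", f"Basic {cred}")
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as e:
            return e.code, e.read()

    return send


def iter_tokens(transport: Transport, base_url: str) -> Iterator[dict]:
    """Walk the paginated token list, following 'next' until it is null."""
    url = urljoin(base_url, TOKENS_PATH)
    while url:
        status, body = transport("GET", url)
        if status != 200:
            raise RuntimeError(f"GET {url} -> HTTP {status}")
        page = json.loads(body)
        yield from page.get("results", [])
        nxt = page.get("next")
        # 'next' is a relative path on the controller; urljoin handles both forms.
        url = urljoin(base_url, nxt) if nxt else None


def revoke_all_tokens(transport: Transport, base_url: str) -> dict:
    """Delete every listed token.

    Returns {"revoked": [ids], "failed": {id: http_status}} so the caller can
    see which tokens still need manual attention.
    """
    # Materialise the list first: deleting while paginating shifts the pages
    # and silently skips entries.
    tokens = list(iter_tokens(transport, base_url))
    revoked, failed = [], {}
    for tok in tokens:
        tid = tok["id"]
        status, _ = transport("DELETE", urljoin(base_url, f"{TOKENS_PATH}{tid}/"))
        if status in (202, 204):
            revoked.append(tid)
        else:
            failed[tid] = status
    return {"revoked": revoked, "failed": failed}


if __name__ == "__main__":
    # Placeholder values: point at the patched controller and run as an admin,
    # since non-admin users only see their own tokens in the listing.
    transport = basic_auth_transport("admin", "CHANGEME")
    print(revoke_all_tokens(transport, "https://controller.example.internal/"))
```

Run it once per component that issues OAuth tokens, with an account that can see every user's tokens; a non-empty "failed" map means some tokens survived and must be revoked by hand. Users will have to log in again and re-create any tokens used by automation, which is the point of the exercise.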

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

  Category        Score
  spread          6.2
  impact          5.0
  exploitability  6.2
  remediation     7.9
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.