Red Hat Ansible aap-gateway
cpe:2.3:a:redhat:ansible_automation_platform:*:*:*:*:*:*:*
A cross-site request forgery (CSRF) vulnerability has been identified in the Ansible AAP Gateway. The issue arises because origin checking for CSRF is not performed on requests from the gateway to external components, including the controller, hub, and EDA. This flaw can be exploited if TLS termination occurs at the edge, allowing an attacker to manipulate requests without proper origin validation.
Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of users, potentially allowing attackers to access or modify data, execute unintended actions within the application, or, if the victim has administrative privileges, gain full control over the web application.
To reproduce this vulnerability, initiate a request from the Ansible AAP Gateway to an external component such as the controller, hub, or EDA, ensuring that TLS termination occurs before the request reaches the gateway. Because the gateway then sees a plain-HTTP request, the Referer check is bypassed and the request is processed without proper origin validation. An attacker must also obtain a CSRF form token associated with the user's CSRF cookie, which can be challenging due to modern browser protections.
It is recommended to use HTTPS on the platform ingress and, in edge-terminated AAP deployments, to enforce trusted origins before requests reach the gateway. A web application firewall in front of the gateway can also enforce this origin check.
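The following added example (not code from the AAP Gateway or Red Hat) contrasts the weak pattern the advisory describes, a Referer check that is only performed when the application itself sees HTTPS, with a check that validates the Origin (falling back to Referer) on every state-changing request and recovers the client-facing scheme from the edge proxy. The allowlist `TRUSTED_ORIGINS`, the `X-Forwarded-Proto` header set by the edge, and the sample requests are all constructed assumptions.

```python
"""Origin validation for state-changing requests behind a TLS-terminating edge.

Added example, not AAP Gateway code. Assumptions: the operator configures an
allowlist of trusted origins, and the edge proxy sets X-Forwarded-Proto on
every request it forwards (and strips any client-supplied copy of it).
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Methods that change state and therefore need origin validation.
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed allowlist (assumption): origins allowed to issue unsafe requests.
TRUSTED_ORIGINS = {"https://aap.example.com"}

_DEFAULT_PORTS = {"http": 80, "https": 443}


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _origin_of(url: Optional[str]) -> Optional[str]:
    """Reduce an Origin or Referer value to a normalised scheme://host[:port].

    Returns None for values that are not absolute URLs (e.g. a literal 'null'
    Origin or a malformed Referer), so callers treat them as untrusted.
    """
    if not url:
        return None
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    scheme = parts.scheme.lower()
    host = parts.hostname.lower()
    if port and port != _DEFAULT_PORTS.get(scheme):
        host = f"{host}:{port}"
    return f"{scheme}://{host}"


def naive_check(method: str, app_scheme: str, headers: Dict[str, str]) -> Tuple[bool, str]:
    """Weak variant: the Referer is only validated when the application itself
    sees HTTPS. With TLS terminated at the edge the app sees 'http', so the
    check is skipped entirely for cross-origin requests."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"
    if app_scheme.lower() != "https":
        return True, "plain http seen by app, referer check skipped"  # the gap
    origin = _origin_of(_header(headers, "Referer"))
    return origin in TRUSTED_ORIGINS, f"referer origin {origin}"


def hardened_check(method: str, app_scheme: str, headers: Dict[str, str],
                   trusted=TRUSTED_ORIGINS) -> Tuple[bool, str]:
    """Validate Origin (falling back to Referer) on every unsafe request,
    regardless of the scheme the application sees, and require that the
    client-facing connection was HTTPS."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"
    # Recover the client-facing scheme; X-Forwarded-Proto must come only from
    # the trusted edge proxy, never from the client.
    effective_scheme = (_header(headers, "X-Forwarded-Proto") or app_scheme).lower()
    if effective_scheme != "https":
        return False, "unsafe request not served over HTTPS at the edge"
    origin = _origin_of(_header(headers, "Origin"))
    if origin is None:
        origin = _origin_of(_header(headers, "Referer"))
    if origin is None:
        return False, "missing or malformed Origin and Referer"
    if origin not in trusted:
        return False, f"untrusted origin {origin}"
    return True, f"trusted origin {origin}"


if __name__ == "__main__":
    # Constructed cross-site request as seen by an app behind an edge TLS proxy.
    cross_site = {"Referer": "https://evil.example/form", "X-Forwarded-Proto": "https"}
    print("naive:", naive_check("POST", "http", cross_site))
    print("hardened:", hardened_check("POST", "http", cross_site))
```

The naive variant is the pattern to look for when auditing an edge-terminated deployment: any origin check gated on the scheme the application observes, rather than on the scheme the client used, silently disappears once the proxy forwards plain HTTP.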