Ansible Automation Platform Gateway API Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Gateway API of Ansible Automation Platform (AAP) that allows the client secret for certain GitHub Enterprise authenticators to be returned in clear text. This issue affects administrators and auditors who access authenticator configurations. While the vulnerability is limited to privileged users, the unencrypted exposure of sensitive credentials raises the risk of accidental leaks or misuse.

Impact

The vulnerability allows OAuth2 client secrets to be exposed in plain text, creating a risk of unauthorized access or misuse of GitHub Enterprise authenticator configurations.

Reproduction

To reproduce this vulnerability, an administrator or auditor requests the Gateway API endpoint for an authenticator configured with GitHub Enterprise or GitHub Enterprise Org. The response contains the OAuth2 client secret in clear text instead of the redacted or encrypted value that should be returned.
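The defender-side check that follows is an added example and not code from Ansible Automation Platform or Red Hat. It assumes a response shape (a "results" list of authenticators, each with a "configuration" dictionary) and secret-bearing key names such as "CLIENT_SECRET"; both are assumptions chosen for illustration, and the sample response is constructed. It does two things: it audits an API response for secret-named fields that are still in clear text, and it shows the redaction a serializer should apply before such a field leaves the API.

```python
import json

# Key names treated as secrets (assumed; the advisory only speaks of a "client secret").
SECRET_KEYS = {"client_secret", "secret", "password", "token", "private_key"}
# Marker a serializer substitutes for a stored secret (assumed placeholder, not AAP's own).
REDACTED = "$encrypted$"


def _is_secret(key, value):
    """True when a key is secret-named and carries a non-empty, unredacted string."""
    return key.lower() in SECRET_KEYS and isinstance(value, str) and value and value != REDACTED


def find_cleartext_secrets(obj, path="$"):
    """Walk a decoded JSON document and return the paths of unredacted secret fields."""
    findings = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if _is_secret(key, value):
                findings.append(child)
            else:
                findings.extend(find_cleartext_secrets(value, child))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            findings.extend(find_cleartext_secrets(value, f"{path}[{index}]"))
    return findings


def redact(obj):
    """Return a copy of the document with every secret-named string replaced by REDACTED."""
    if isinstance(obj, dict):
        return {k: (REDACTED if _is_secret(k, v) else redact(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    return obj


def audit_response(body):
    """Audit a raw JSON response body; returns the list of offending field paths."""
    return find_cleartext_secrets(json.loads(body))


def redact_response(body):
    """Decode a raw JSON response body and return the redacted document."""
    return redact(json.loads(body))


# Constructed sample: one authenticator leaks its secret, one is already masked.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"name": "ghe", "type": "github-enterprise",
         "configuration": {"CLIENT_ID": "example-id", "CLIENT_SECRET": "constructed-secret-value"}},
        {"name": "ghe-org", "type": "github-enterprise-org",
         "configuration": {"CLIENT_ID": "example-id-2", "CLIENT_SECRET": REDACTED}},
    ]
})

if __name__ == "__main__":
    for path in audit_response(SAMPLE_RESPONSE):
        print("clear-text secret at", path)
    print(json.dumps(redact_response(SAMPLE_RESPONSE), indent=2))
```

Run the audit against real responses only with the same privileged account that would see the configuration anyway; the value of the check is confirming that a patched deployment returns the placeholder rather than the secret.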

Added: Jul 31, 2025, 2:18 PM
Updated: Jul 31, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread          6.2
impact          2.5
exploitability  5.1
remediation     0.0
relevance       0.3
threat          1.6
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.