Red Hat Ansible Automation Platform Sensitive Internal Headers Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Event-Driven Ansible (EDA) Event Streams feature of Red Hat Ansible Automation Platform. An authenticated user can obtain sensitive internal infrastructure headers, such as X-Trusted-Proxy and X-Envoy-*, together with event stream URLs, by sending crafted requests to an event stream and reading the result through a job template. Headers of this kind carry trust decisions made by the platform's ingress layer, so an attacker who learns their values could spoof requests that the platform treats as trusted, escalate privileges, or inject malicious events.
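To make the failure mode concrete, the following added example (illustrative code, not from this page and not Red Hat's or the EDA project's own code) contrasts an event builder that copies every inbound request header into the event with a hardened builder that keeps only an allowlist and always drops infrastructure headers, and adds a scan that flags already-stored events containing such headers. The event shape `meta.headers`, the header names other than X-Trusted-Proxy and X-Envoy-*, the allowlist, and the sample request are all assumptions constructed for the example.

```python
"""Added example, not code from the page or from Red Hat: shows how proxy-injected
headers end up in an event payload, a hardened builder that drops them, and a scan
that finds already-leaked headers in stored events."""
import fnmatch
from typing import Any, Dict, Iterable, List, Tuple

# Assumed header names: X-Trusted-Proxy and X-Envoy-* come from the advisory; the rest
# are typical proxy-added headers included for illustration.
INTERNAL_HEADER_PATTERNS = (
    "x-trusted-proxy",
    "x-envoy-*",
    "x-forwarded-*",
    "x-real-ip",
    "forwarded",
)

# Assumed allowlist of request headers an event consumer legitimately needs.
DEFAULT_ALLOWED_HEADERS = ("content-type", "user-agent", "x-request-id")

# Constructed sample: what a request looks like after an ingress proxy has stamped it.
SAMPLE_REQUEST_HEADERS = {
    "Content-Type": "application/json",
    "User-Agent": "curl/8.5.0",
    "X-Trusted-Proxy": "constructed-token",
    "X-Envoy-Internal": "true",
    "X-Envoy-Original-Path": "/constructed/event-stream/path/",
    "X-Forwarded-For": "10.0.0.5",
}


def is_internal_header(name: str) -> bool:
    """True if a header name matches one of the infrastructure-only patterns."""
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, pat) for pat in INTERNAL_HEADER_PATTERNS)


def build_event_unsafe(headers: Dict[str, str], body: Any) -> Dict[str, Any]:
    """Weak pattern: copy every request header into the event. Anything the proxy
    added, including trust markers, becomes readable by whoever consumes the event."""
    return {"meta": {"headers": dict(headers)}, "payload": body}


def build_event_hardened(headers: Dict[str, str], body: Any,
                         allowed: Iterable[str] = DEFAULT_ALLOWED_HEADERS) -> Dict[str, Any]:
    """Hardened pattern: keep only allowlisted headers, and never an internal one even
    if someone adds it to the allowlist by mistake. Kept names are lowercased."""
    allowed_set = {h.lower() for h in allowed}
    kept: Dict[str, str] = {}
    for name, value in headers.items():
        lowered = name.lower()
        if is_internal_header(lowered):
            continue
        if lowered in allowed_set:
            kept[lowered] = value
    return {"meta": {"headers": kept}, "payload": body}


def find_leaked_headers(events: Iterable[Dict[str, Any]]) -> List[Tuple[int, str]]:
    """Detection check for stored events: returns (event index, header name) for every
    internal header that made it into an event's meta.headers."""
    leaks: List[Tuple[int, str]] = []
    for idx, event in enumerate(events):
        headers = event.get("meta", {}).get("headers", {})
        for name in headers:
            if is_internal_header(name):
                leaks.append((idx, name))
    return leaks


if __name__ == "__main__":
    unsafe = build_event_unsafe(SAMPLE_REQUEST_HEADERS, {"msg": "hello"})
    safe = build_event_hardened(SAMPLE_REQUEST_HEADERS, {"msg": "hello"})
    print("unsafe event headers:", unsafe["meta"]["headers"])
    print("hardened event headers:", safe["meta"]["headers"])
    print("leaked:", find_leaked_headers([unsafe, safe]))
```

The allowlist rather than a denylist is the important design choice: a denylist has to anticipate every header name an ingress or service mesh might add, while an allowlist drops anything unexpected by default. `find_leaked_headers` is the check to run over whatever event history a deployment has retained, since an upgrade fixes future events but not ones already written.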

Impact

Disclosure of these headers gives an attacker the values needed to forge requests that the platform treats as coming from a trusted proxy, which can lead to privilege escalation, request spoofing, and injection of malicious events into event streams. Exploitation requires an authenticated account with access to an event stream and a job template.

Reproduction

An authenticated user who has access to an EDA event stream and to a job template sends crafted requests to the event stream. The internal headers attached to those requests on the way in, and the event stream URL, are disclosed in the resulting event, which the job template can then read.

Remediation

Upgrade to a fixed release of Red Hat Ansible Automation Platform 2.5 or 2.6; both include the fix. Instructions for applying the update are available in the Red Hat Ansible Automation Platform documentation.

Added: Feb 27, 2026, 8:21 AM
Updated: Feb 27, 2026, 2:27 PM

Vulnerability Rating

Custom Algorithm

  spread          6.2
  impact          0.6
  exploitability  5.2
  remediation     7.7
  relevance       3.3
  threat          1.6
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.