fkie_cve-2025-2877
Vulnerability from fkie_nvd
Published
2025-03-28 14:15
Modified
2025-04-07 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:3636
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:3637
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-2877
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2355540
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the Ansible Automation Platform\u0027s Event-Driven Ansible. In configurations where verbosity is set to \"debug\", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any \"debug\" action in a rulebook and also affects Event Streams."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en Ansible Automation Platform\u0027s Event-Driven Ansible. En configuraciones donde el nivel de detalle est\u00e1 configurado como \"depuraci\u00f3n\", las contrase\u00f1as de inventario se exponen en texto plano al iniciar la activaci\u00f3n de un libro de reglas. Este problema existe para cualquier acci\u00f3n de \"depuraci\u00f3n\" en un libro de reglas y tambi\u00e9n afecta a los flujos de eventos."
    }
  ],
  "id": "CVE-2025-2877",
  "lastModified": "2025-04-07T16:15:25.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-28T14:15:21.877",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:3636"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:3637"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-2877"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355540"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1295"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.