CNNVD-202506-3731 Information
CNNVD ID
CNNVD-202506-3731
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
Red Hat Ansible Automation Platform(Red Hat AAP)是美国红帽(Red Hat)公司的一款实现战略性自动化的统一解决方案。 Red Hat Ansible Automation Platform存在参数注入漏洞,该漏洞源于用户提供的Git URL未经验证,可能导致命令注入和服务账户令牌窃取。
Description (English)
Red Hat Automation Platform (Red Hat AAP) is a unified solution to strategic automation by Red Hat. Red Hat Anseble Automation Platform has a gap in parameters, which arises from the unverified Git URL provided by the user, which may result in command injection and service account token theft.
Hazard Level
Medium
Vulnerability Type
参数注入
Affected Vendor
红狮控制
Published
2025-06-30
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/cve-2025-49520 https://vigilance.fr/vulnerability/Red-Hat-Ansible-Automation-Platform-2-5-code-execution-via-Git-URL-Ls-remote-Command-47572 https://nvd.nist.gov/vuln/detail/CVE-2025-49520
Patch
https://www.redhat.com/en/technologies/management/ansible?sc_cid=7015Y000003t7aWQAQ
Share on: