CVE-2025-7738 Information

Description

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear-text exposure of sensitive credentials increases the risk of accidental leaks or misuse.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/security/cve/CVE-2025-7738

https://bugzilla.redhat.com/show_bug.cgi?id=2381589

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.4

Base Severity

MEDIUM

CNNVD-202507-3895 (Published: 2025-07-31)
