A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 17 Sep 2024 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T16:28:38.094Z
Updated: 2025-08-27T12:19:31.707Z
Reserved: 2024-02-20T09:47:30.627Z
Link: CVE-2024-1657
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-01T18:48:21.570Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2024-04-25T17:15:48.013
Modified: 2024-11-21T08:51:01.173
Link: CVE-2024-1657
 Redhat
                        Redhat