CVE-2025-7738
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-08-04
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | python3.11-django-ansible-base | * |
| redhat | ansible_automation_platform | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Ansible Automation Platform where the Gateway API exposes the client secret for certain GitHub Enterprise authenticators in clear text. This means that privileged users such as administrators or auditors who access authenticator configurations can see sensitive credentials without encryption, increasing the risk of accidental leaks or misuse.
How can this vulnerability impact me?
The vulnerability can impact you by exposing sensitive client secrets in clear text to privileged users, which increases the risk of those credentials being accidentally leaked or misused. This could potentially lead to unauthorized access or compromise of GitHub Enterprise authenticators configured in the Ansible Automation Platform.