CVE-2025-2877

{"id": "CVE-2025-2877", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-28T14:15:21.877", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:3636", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:3637", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-2877", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355540", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1295"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to \"debug\", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any \"debug\" action in a rulebook and also affects Event Streams."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Ansible Automation Platform's Event-Driven Ansible. En configuraciones donde el nivel de detalle est\u00e1 configurado como \"depuraci\u00f3n\", las contrase\u00f1as de inventario se exponen en texto plano al iniciar la activaci\u00f3n de un libro de reglas. Este problema existe para cualquier acci\u00f3n de \"depuraci\u00f3n\" en un libro de reglas y tambi\u00e9n afecta a los flujos de eventos."}], "lastModified": "2025-04-07T16:15:25.720", "sourceIdentifier": "secalert@redhat.com"}