Description
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
Problem types
Use of Non-Canonical URL Paths for Authorization Decisions
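The problem type above names the underlying defect: a route path that is not in canonical form (here, one carrying a double-slash prefix) is accepted at route creation and then used for routing and authorization decisions. The following is an added illustration written for this page, not Red Hat's code nor the fixed Gateway's, of the two checks a defender would want: reject a gateway_path that is not already canonical when a route is created, and compare incoming requests against routes only on canonical paths. The function names, the route dictionary shape and the sample routes are assumptions constructed for the example.

```python
"""Illustrative route-path validation for an API gateway.

Added example; assumed names and data, not product code. It shows the
defensive check the advisory's problem type calls for: authorize on a
canonical path, and refuse to store route definitions whose configured
path is not already canonical.
"""
import posixpath


class NonCanonicalPathError(ValueError):
    """Raised when a route path differs from its canonical form."""


def canonical_path(path: str) -> str:
    """Return the canonical form of a URL path.

    Collapses repeated slashes (including a leading '//'), resolves
    '.' and '..' segments, and drops a trailing slash. Percent-decoding
    is deliberately out of scope for this illustration.
    """
    if not path.startswith("/"):
        path = "/" + path
    # posixpath.normpath preserves exactly two leading slashes (POSIX
    # leaves their meaning implementation-defined), so collapse them here.
    while path.startswith("//"):
        path = path[1:]
    return posixpath.normpath(path)


def validate_gateway_path(gateway_path: str) -> str:
    """Accept a route path only if it is already canonical.

    Rejecting, rather than silently rewriting, keeps the stored route,
    the path an administrator sees in the UI, and the path used for
    authorization identical.
    """
    if not gateway_path or not gateway_path.startswith("/"):
        raise NonCanonicalPathError("gateway_path must start with '/'")
    canonical = canonical_path(gateway_path)
    if gateway_path != canonical:
        raise NonCanonicalPathError(
            f"gateway_path {gateway_path!r} is not canonical "
            f"(canonical form: {canonical!r})"
        )
    return gateway_path


def route_matches(request_target: str, gateway_path: str) -> bool:
    """Match a request against a route on canonical paths only.

    The query string is split off by hand rather than with
    urllib.parse.urlsplit, which would read a leading '//' as an
    authority component; that is precisely the ambiguity to avoid.
    """
    raw_path = request_target.partition("?")[0]
    req = canonical_path(raw_path)
    route = canonical_path(gateway_path)
    return req == route or req.startswith(route.rstrip("/") + "/")


def audit_routes(routes: list[dict]) -> list[str]:
    """Return names of already-stored routes whose path is non-canonical.

    Useful as a one-off review of existing route definitions: any route
    reported here should be examined, since it can only have been
    created while the non-canonical form was accepted.
    """
    flagged = []
    for route in routes:
        try:
            validate_gateway_path(route["gateway_path"])
        except NonCanonicalPathError:
            flagged.append(route["name"])
    return flagged


# Constructed sample route definitions (assumed shape, not product data).
SAMPLE_ROUTES = [
    {"name": "login", "gateway_path": "/api/login"},
    {"name": "login-lookalike", "gateway_path": "//api/login"},
    {"name": "dotted", "gateway_path": "/api/../api/me"},
]

if __name__ == "__main__":
    print("non-canonical routes:", audit_routes(SAMPLE_ROUTES))
```

audit_routes is the review step: run it over the stored route table and treat every flagged entry as something to explain, not just to delete, because the advisory's concern is that such a route may have been created to persist access after an administrator's permissions were revoked.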
Product status
0:3.1.1-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:25.12.2-1.1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:0.1.4-1.el8ap (rpm) before *
0:2.5.20251210-1.el8ap (rpm) before *
0:4.10.10-1.el8ap (rpm) before *
0:2.13.0-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:0.4.0-1.el8ap (rpm) before *
0:4.2.26-1.el8ap (rpm) before *
0:2.1.2-1.el8ap (rpm) before *
0:0.4.36-2.el8ap (rpm) before *
0:4.10.10-1.el8ap (rpm) before *
0:23.0.0-1.el8ap (rpm) before *
0:1.6.0-1.el8ap (rpm) before *
0:9.0.1-1.el8ap (rpm) before *
0:25.12.0-1.el8ap (rpm) before *
0:3.8.0-1.el8ap (rpm) before *
0:0.2.15-1.el8ap (rpm) before *
0:0.4.2-1.el8ap (rpm) before *
0:25.12.0-1.2.el8ap (rpm) before *
0:4.15.0-1.el8ap (rpm) before *
0:3.1.1-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:25.12.2-1.1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:0.1.4-1.el9ap (rpm) before *
0:2.5.20251210-1.el9ap (rpm) before *
0:4.10.10-1.el9ap (rpm) before *
0:2.13.0-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:0.4.0-1.el9ap (rpm) before *
0:4.2.26-1.el9ap (rpm) before *
0:2.1.2-1.el9ap (rpm) before *
0:0.4.36-2.el9ap (rpm) before *
0:4.10.10-1.el9ap (rpm) before *
0:23.0.0-1.el9ap (rpm) before *
0:1.6.0-1.el9ap (rpm) before *
0:9.0.1-1.el9ap (rpm) before *
0:25.12.0-1.el9ap (rpm) before *
0:3.8.0-1.el9ap (rpm) before *
0:0.2.15-1.el9ap (rpm) before *
0:0.4.2-1.el9ap (rpm) before *
0:25.12.0-1.2.el9ap (rpm) before *
0:4.15.0-1.el9ap (rpm) before *
0:2.6.20251119-1.el9ap (rpm) before *
sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd (rpm) before *
sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 (rpm) before *
Timeline
2025-09-03: Reported to Red Hat.
2025-09-17: Made public.
Credits
This issue was discovered by Elijah DeLee (Red Hat).
References
access.redhat.com/errata/RHSA-2025:21768 (RHSA-2025:21768)
access.redhat.com/errata/RHSA-2025:21775 (RHSA-2025:21775)
access.redhat.com/errata/RHSA-2025:23069 (RHSA-2025:23069)
access.redhat.com/errata/RHSA-2025:23131 (RHSA-2025:23131)
access.redhat.com/security/cve/CVE-2025-9909
bugzilla.redhat.com/show_bug.cgi?id=2392836 (RHBZ#2392836)