CVE-2025-7738

medium

Description

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.

References

https://github.com/ansible/django-ansible-base/pull/773

https://github.com/ansible/django-ansible-base/commit/e241ea4dce8df577eda15301e0a8e61be647b27b

https://bugzilla.redhat.com/show_bug.cgi?id=2381589

https://access.redhat.com/security/cve/CVE-2025-7738

https://access.redhat.com/errata/RHSA-2025:12772

Details

Source: Mitre, NVD

Published: 2025-07-31

Updated: 2025-12-23

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.4

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.0002