Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Release Update
Red Hat Ansible Automation Platform 2. 5 has been updated to address two security vulnerabilities in ansible-core: CVE-2024-8775 involves exposure of sensitive information in Ansible Vault files due to improper logging, and CVE-2024-9902 allows the ansible-core user to read or write unauthorized content. These issues have been fixed in ansible-core version 2. 16. 13, included in the Red Hat Ansible Automation Platform 2. 5 product release update. The update also includes various fixes and improvements to the Automation Platform UI, container-based platform, and RPM-based platform components. The vendor rates the security impact as moderate and provides official fixes in this update.
AI Analysis
Technical Summary
Red Hat Ansible Automation Platform 2.5 addresses two security vulnerabilities in ansible-core. CVE-2024-8775 is an exposure of sensitive information in Ansible Vault files caused by improper logging practices. CVE-2024-9902 allows the ansible-core user to read and write unauthorized content, potentially leading to unauthorized access or modification of data. These vulnerabilities are fixed in ansible-core version 2.16.13, which is part of the updated Red Hat Ansible Automation Platform 2.5 release. Additional fixes and updates to related components such as the Automation Platform UI, automation-gateway, and installer setups are also included. The update is classified as having a moderate security impact by Red Hat Product Security.
Potential Impact
The vulnerabilities could lead to exposure of sensitive information stored in Ansible Vault files and unauthorized read/write access by the ansible-core user. This could compromise confidentiality and integrity of automation content managed by the platform. The overall security impact is rated moderate by Red Hat, indicating a significant but not critical risk to affected systems.
Mitigation Recommendations
Red Hat has released an official update for Ansible Automation Platform 2.5 that includes fixes for these vulnerabilities. Users should apply the updated ansible-core package version 2.16.13 and the associated platform updates as provided in Red Hat Advisory RHSA-2024:9894. Applying this update fully mitigates the described vulnerabilities. No additional or alternative mitigations are indicated by the vendor advisory.
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Release Update
Description
Red Hat Ansible Automation Platform 2. 5 has been updated to address two security vulnerabilities in ansible-core: CVE-2024-8775 involves exposure of sensitive information in Ansible Vault files due to improper logging, and CVE-2024-9902 allows the ansible-core user to read or write unauthorized content. These issues have been fixed in ansible-core version 2. 16. 13, included in the Red Hat Ansible Automation Platform 2. 5 product release update. The update also includes various fixes and improvements to the Automation Platform UI, container-based platform, and RPM-based platform components. The vendor rates the security impact as moderate and provides official fixes in this update.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Ansible Automation Platform 2.5 addresses two security vulnerabilities in ansible-core. CVE-2024-8775 is an exposure of sensitive information in Ansible Vault files caused by improper logging practices. CVE-2024-9902 allows the ansible-core user to read and write unauthorized content, potentially leading to unauthorized access or modification of data. These vulnerabilities are fixed in ansible-core version 2.16.13, which is part of the updated Red Hat Ansible Automation Platform 2.5 release. Additional fixes and updates to related components such as the Automation Platform UI, automation-gateway, and installer setups are also included. The update is classified as having a moderate security impact by Red Hat Product Security.
Potential Impact
The vulnerabilities could lead to exposure of sensitive information stored in Ansible Vault files and unauthorized read/write access by the ansible-core user. This could compromise confidentiality and integrity of automation content managed by the platform. The overall security impact is rated moderate by Red Hat, indicating a significant but not critical risk to affected systems.
Mitigation Recommendations
Red Hat has released an official update for Ansible Automation Platform 2.5 that includes fixes for these vulnerabilities. Users should apply the updated ansible-core package version 2.16.13 and the associated platform updates as provided in Red Hat Advisory RHSA-2024:9894. Applying this update fully mitigates the described vulnerabilities. No additional or alternative mitigations are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:9894
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-9902"]
- Cvss Version
- null
Threat ID: 6a1f4e9ce29bf47b50086936
Added to database: 6/2/2026, 9:43:56 PM
Last enriched: 6/2/2026, 10:23:19 PM
Last updated: 6/3/2026, 5:08:06 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.