Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Red Hat Ansible Automation Platform 2. 5 includes a security update addressing a vulnerability in the automation-controller component where the aiohttp library is susceptible to HTTP request smuggling due to incorrect parsing of chunk extensions (CVE-2024-52304). This vulnerability is rated as moderate severity by Red Hat. The update also includes multiple bug fixes and improvements across the platform components. The advisory does not indicate any known exploits in the wild. The update is available as Red Hat Ansible Automation Platform 2. 5 version 4. 6. 3 for automation-controller and related component updates.
AI Analysis
Technical Summary
The vulnerability CVE-2024-52304 affects the aiohttp library used by the automation-controller in Red Hat Ansible Automation Platform 2.5. It involves incorrect parsing of chunk extensions in HTTP requests, leading to a request smuggling vulnerability. This could potentially allow an attacker to interfere with HTTP request processing. Red Hat has released an update to automation-controller version 4.6.3 that addresses this issue. The advisory also includes fixes for other bugs and improvements in the platform's components such as receptor and container-based deployment configurations. The security impact is rated moderate, and no known exploits have been reported.
Potential Impact
The vulnerability allows for HTTP request smuggling due to improper parsing of chunk extensions in aiohttp within the automation-controller. This could affect the integrity of HTTP request handling in the platform. Red Hat rates the security impact as moderate. No known exploits in the wild have been reported, reducing immediate risk. The vulnerability could potentially be leveraged to bypass security controls or interfere with request processing if exploited.
Mitigation Recommendations
Red Hat has released an official security update for Ansible Automation Platform 2.5 that includes a fix for CVE-2024-52304 by updating the automation-controller to version 4.6.3. Users should apply this update promptly to remediate the vulnerability. The advisory provides detailed update instructions and additional bug fixes. Since this is not a cloud service, remediation requires applying the vendor-provided patch. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated beyond applying the update.
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Description
Red Hat Ansible Automation Platform 2. 5 includes a security update addressing a vulnerability in the automation-controller component where the aiohttp library is susceptible to HTTP request smuggling due to incorrect parsing of chunk extensions (CVE-2024-52304). This vulnerability is rated as moderate severity by Red Hat. The update also includes multiple bug fixes and improvements across the platform components. The advisory does not indicate any known exploits in the wild. The update is available as Red Hat Ansible Automation Platform 2. 5 version 4. 6. 3 for automation-controller and related component updates.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2024-52304 affects the aiohttp library used by the automation-controller in Red Hat Ansible Automation Platform 2.5. It involves incorrect parsing of chunk extensions in HTTP requests, leading to a request smuggling vulnerability. This could potentially allow an attacker to interfere with HTTP request processing. Red Hat has released an update to automation-controller version 4.6.3 that addresses this issue. The advisory also includes fixes for other bugs and improvements in the platform's components such as receptor and container-based deployment configurations. The security impact is rated moderate, and no known exploits have been reported.
Potential Impact
The vulnerability allows for HTTP request smuggling due to improper parsing of chunk extensions in aiohttp within the automation-controller. This could affect the integrity of HTTP request handling in the platform. Red Hat rates the security impact as moderate. No known exploits in the wild have been reported, reducing immediate risk. The vulnerability could potentially be leveraged to bypass security controls or interfere with request processing if exploited.
Mitigation Recommendations
Red Hat has released an official security update for Ansible Automation Platform 2.5 that includes a fix for CVE-2024-52304 by updating the automation-controller to version 4.6.3. Users should apply this update promptly to remediate the vulnerability. The advisory provides detailed update instructions and additional bug fixes. Since this is not a cloud service, remediation requires applying the vendor-provided patch. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated beyond applying the update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:10766
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-53259"]
- Cvss Version
- null
Threat ID: 6a1f4e97e29bf47b500862d4
Added to database: 6/2/2026, 9:43:51 PM
Last enriched: 6/2/2026, 10:23:08 PM
Last updated: 6/3/2026, 5:00:14 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.