Medium
CVSS 5.3
Overview
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
CVE-2025-5988
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) o...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 5.3 (MEDIUM)
- Detected tags: csrf (tag impact: MODERATE)
Recommended actions:
- CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.