{"id":"RHSA-2024:1640","summary":"Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update","modified":"2026-04-16T10:09:01Z","published":"2024-09-30T15:52:23Z","related":["GO-2023-2382","GO-2024-2660"],"upstream":["CVE-2023-39326","CVE-2023-41040","CVE-2023-45857","CVE-2023-46137","CVE-2023-47627","CVE-2023-49083","CVE-2024-1394","CVE-2024-22195","CVE-2024-23334","CVE-2024-23829","CVE-2024-24680","CVE-2024-27351"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1640"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246264"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247040"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249825"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253330"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255331"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257854"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261887"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261909"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262921"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1640.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-39326"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-39326"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39326"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2023-2382"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-41040"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-41040"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41040"},{"type":"ARTICLE","url":"https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-45857"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-45857"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45857"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-46137"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-46137"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46137"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-47627"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-47627"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47627"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-49083"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-49083"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49083"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/pull/9926"},{"type":"ARTICLE","url":"https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-1394"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-1394"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1394"},{"type":"ARTICLE","url":"https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"},{"type":"ARTICLE","url":"https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"},{"type":"ARTICLE","url":"https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"},{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2024-2660"},{"type":"ARTICLE","url":"https://vuln.go.dev/ID/GO-2024-2660.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-22195"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-22195"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22195"},{"type":"ARTICLE","url":"https://github.com/pallets/jinja/releases/tag/3.1.3"},{"type":"ARTICLE","url":"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-23334"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-23334"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23334"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-23829"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-23829"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23829"},{"type":"ARTICLE","url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-24680"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-24680"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-27351"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-27351"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351"},{"type":"ARTICLE","url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/"}],"affected":[{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_developer:2.4::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_developer:2.4::el8","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_inside:2.4::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_inside:2.4::el8","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_developer:2.4::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_developer:2.4::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform_inside:2.4::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform_inside:2.4::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptor","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/receptor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"receptorctl","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/receptorctl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.5-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.5-2.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"automation-controller-venv-tower","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/automation-controller-venv-tower"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.5-2.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python39-aiohttp","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python39-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python39-aiohttp-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python39-aiohttp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3x-aiohttp","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python3x-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3x-aiohttp-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python3x-aiohttp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python-aiohttp","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python-aiohttp-debugsource","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python-aiohttp-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3-aiohttp","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python3-aiohttp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3-aiohttp-debuginfo","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python3-aiohttp-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.3-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python39-django","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python39-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3x-django","ecosystem":"Red Hat:ansible_automation_platform:2.4::el8","purl":"pkg:rpm/redhat/python3x-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el8ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python-django","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}},{"package":{"name":"python3-django","ecosystem":"Red Hat:ansible_automation_platform:2.4::el9","purl":"pkg:rpm/redhat/python3-django"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.11-1.el9ap"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1640.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}