A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams. | |
| Title | Aap-gateway: missing requestheaderstoremove allows mtls bypass via subject header spoofing | |
| First Time appeared |
Redhat
Redhat ansible Automation Platform |
|
| Weaknesses | CWE-290 | |
| CPEs | cpe:/a:redhat:ansible_automation_platform:2 | |
| Vendors & Products |
Redhat
Redhat ansible Automation Platform |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-15T18:09:45.985Z
Reserved: 2026-06-16T10:07:17.206Z
Link: CVE-2026-12382
Updated: 2026-07-15T18:09:42.973Z
No data.
No data.
OpenCVE Enrichment
No data.