Data Exposure Vulnerability in Ansible Engine Affecting Ansible Users
CVE-2020-14332

5.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Ansible
Vendor
CVE Published:
11 September 2020

Summary

A vulnerability exists in Ansible Engine related to the handling of sensitive information during task execution in check mode. When using the module_args parameter, sensitive data may not be adequately neutralized in event data. This oversight could enable unauthorized users to access confidential data, posing a significant risk to user privacy and data confidentiality.

Affected Version(s)

Ansible 2.9.12

Ansible 2.8.14

References

https://github.com/ansible/ansible/pull/71033
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4950
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.