| |
Vulnerability CVE-2020-10782
Published: 2020-06-18
| Description: |
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. |
Type:
CWE-276 (Incorrect Default Permissions)
CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
2.1/10 |
2.9/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
