Vulnerability CVE-2020-14330


Published: 2020-09-11

Description:
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

Type: CWE-116 (Improper Encoding or Escaping of Output)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Redhat -> Ansible engine 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
https://github.com/ansible/ansible/issues/68400

Copyright 2020, cxsecurity.com

 
