CVE-2020-14329
Last modified
CVE-2020-14329 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Tower | < 3.7.2 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1856787Issue Tracking, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1856787Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14329?
How severe is CVE-2020-14329?
How do I fix CVE-2020-14329?
Are you affected by CVE-2020-14329?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST