CVE-2020-14330
Last modified
CVE-2020-14330 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Engine | < 2.9.12 |
| Debian | Debian Linux | 10.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330Issue Tracking, Vendor Advisory
- https://github.com/ansible/ansible/issues/68400Exploit, Issue Tracking, Third Party Advisory
- https://www.debian.org/security/2021/dsa-4950Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330Issue Tracking, Vendor Advisory
- https://github.com/ansible/ansible/issues/68400Exploit, Issue Tracking, Third Party Advisory
- https://www.debian.org/security/2021/dsa-4950Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14330?
How severe is CVE-2020-14330?
How do I fix CVE-2020-14330?
Are you affected by CVE-2020-14330?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST