← back
CVE-2020-14329

CVE-2020-14329

EPSS 0.3%CWE-200
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
Affected products
n/a · Tower