← voltar
CVE-2020-14330

CVE-2020-14330

CVSS 5 MEDIUMEPSS 0.6%CWE-532
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
11 set 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Produtos afetados
Red Hat · Ansible

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330https://github.com/ansible/ansible/issues/68400https://www.debian.org/security/2021/dsa-4950