Vulnerability CVE-2020-14332: Information
Description
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
ansible | p10 | 2.9.13-alt1 | 2.9.27-alt3.p10.2 | ALT-PU-2020-2923-1 | 259006 | Fixed |
ansible | p9 | 2.9.13-alt1 | 2.9.27-alt1 | ALT-PU-2020-3006-1 | 259265 | Fixed |
ansible | c10f1 | 2.9.13-alt1 | 2.9.27-alt3.p10.1 | ALT-PU-2020-2923-1 | 259006 | Fixed |
ansible | c9f2 | 2.9.21-alt1 | 2.9.26-alt2 | ALT-PU-2021-1800-1 | 271383 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/ansible/ansible/pull/71033 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332 |
|
DSA-4950 |
|