CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked; 53,219 with exploits; 4,686 exploited in wild; 1,539 CISA KEV; 3,912 Nuclei templates; 37,757 vendors; 42,422 researchers
90 results
CVE-2020-25646 7.5 HIGH 1 Writeup EPSS 0.00
Ansible Collection community.crypto - Info Disclosure
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality.
CWE-116 Oct 29, 2020
CVE-2020-11644 6.5 MEDIUM EPSS 0.00
Br-automation Gatemanager 9250 Firmware - Information Disclosure
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.
CWE-117 Oct 15, 2020
CVE-2020-14332 5.5 MEDIUM EPSS 0.00
Redhat Ansible Engine < 2.8.14 - Log Information Exposure
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
CWE-532 Sep 11, 2020
CVE-2020-4072 5.3 MEDIUM 1 Writeup EPSS 0.00
generator-jhipster-kotlin <1.7.0 - Info Disclosure
In generator-jhipster-kotlin version 1.6.0, log entries are created for invalid password reset attempts. Because the email is provided by the user and the API is public, an attacker can use this to forge log entries (CWE-117, https://cwe.mitre.org/data/definitions/117.html). This problem affects only applications generated with JWT or session authentication; applications using OAuth are not vulnerable. The issue has been fixed in version 1.7.0.
CWE-117 Jun 25, 2020
CVE-2019-14854 6.5 MEDIUM EPSS 0.00
Redhat Openshift Container Platform - Log Information Exposure
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
CWE-532 Jan 07, 2020
CVE-2019-14864 6.5 MEDIUM EPSS 0.01
Redhat Ansible < 2.7.15 - Log Information Exposure
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This discloses and collects any sensitive data.
CWE-532 Jan 02, 2020
CVE-2019-10213 6.5 MEDIUM EPSS 0.00
OpenShift Container Platform 4.1-4.2 - Info Disclosure
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
CWE-532 Nov 25, 2019
CVE-2019-14858 5.5 MEDIUM EPSS 0.00
Redhat Ansible Engine < 2.8.0 - Log Information Exposure
A vulnerability was found in Ansible Engine 2.x up to 2.8 and Ansible Tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity, and will be present in the module invocation arguments for the task.
CWE-532 Oct 14, 2019
CVE-2019-14846 7.8 HIGH EPSS 0.00
Redhat Ansible Engine < 2.6.20 - Log Information Exposure
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
CWE-532 Oct 08, 2019
CVE-2018-10932 4.3 MEDIUM EPSS 0.00
Intel Lldptool < 1.0.1 - Memory Corruption
lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
CWE-119 Aug 21, 2018