CVE-2020-10782
MEDIUMAnsible Tower 3.7.0 - Sensitive Information Exposure via Rsyslog Configuration File
Title source: llmDescription
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
References (1)
Core 1
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782
Scores
CVSS v3
6.5
EPSS
0.0029
EPSS Percentile
20.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-276
CWE-732
Status
published
Products (1)
redhat/ansible_tower
3.7.0
Published
Jun 18, 2020
Tracked Since
Feb 18, 2026