Description
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be read from the rsyslog configuration file, which was created with incorrect, world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
References (1)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
11.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-276
CWE-200
CWE-732
Status
published
Products (1)
redhat/ansible_tower
3.7.0
Published
Jun 18, 2020
Tracked Since
Feb 18, 2026