CVE-2020-14330
MEDIUMAnsible Engine < 2.9.12 and Ansible < 2.10.0 - Sensitive Information Exposure in URI Module Logs
Title source: llmDescription
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4950
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
Exploit, Issue Tracking, Third Party Advisory
https://github.com/ansible/ansible/issues/68400
Scores
CVSS v3
5.0
EPSS
0.0057
EPSS Percentile
42.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (3)
debian/debian_linux
10.0
pypi/ansible
0 - 2.10.0PyPI
redhat/ansible_engine
< 2.9.12
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026