CVE-2020-14330
MEDIUM
Red Hat Ansible Engine < 2.9.12 - Log Information Exposure
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
References (3)
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4950
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
Exploit, Issue Tracking, Third Party Advisory
https://github.com/ansible/ansible/issues/68400
Scores
CVSS v3
5.0
EPSS
0.0022
EPSS Percentile
44.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (3)
debian/debian_linux
10.0
pypi/ansible
0 - 2.10.0 (PyPI)
redhat/ansible_engine
< 2.9.12
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026