CVE-2020-14332

MEDIUM

Redhat Ansible Engine < 2.8.14 - Log Information Exposure

Title source: rule

Description

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

References (3)

[Patch, Third Party Advisory] https://github.com/ansible/ansible/pull/71033

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4950

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-532 CWE-117

Status published

Products (3)

debian/debian_linux 10.0

pypi/ansible 0 - 2.8.14PyPI

redhat/ansible_engine 2.8.0 - 2.8.14

Published Sep 11, 2020

Tracked Since Feb 18, 2026