CVE-2020-14337
MEDIUMRed Hat Ansible Tower - Sensitive Information Exposure via HTTP Error Codes
Title source: llmDescription
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1859139
Scores
CVSS v3
5.8
EPSS
0.0088
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
redhat/ansible_tower
3.0.0
Published
Jul 31, 2020
Tracked Since
Feb 18, 2026