Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-14330

Опубликовано: 11 сент. 2020
Источник: debian
EPSS Низкий

Описание

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ansiblefixed2.9.13+dfsg-1package
ansibleend-of-lifestretchpackage

Примечания

  • https://github.com/ansible/ansible/issues/68400

  • Initial fix: https://github.com/ansible/ansible/pull/69653

  • Complete fix (reverting first and adding more elaborated fix):

  • https://github.com/ansible/ansible/pull/70762

  • https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e

  • https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12)

EPSS

Процентиль: 33%
0.00133
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-14330

CVSS3: 5
ubuntu
больше 5 лет назад

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

redhat логотип

CVE-2020-14330

CVSS3: 5
redhat
почти 6 лет назад

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

nvd логотип

CVE-2020-14330

CVSS3: 5
nvd
больше 5 лет назад

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

github логотип

GHSA-785x-qw4v-6872

CVSS3: 5.5
github
почти 4 года назад

Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible

fstec логотип

BDU:2022-00279

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость модуля URI системы управления конфигурациями Ansible, связанная с недостатком механизма кодирование или экранирование выходных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 33%
0.00133
Низкий