Description
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-14332
- https://github.com/ansible/ansible/pull/71033
- https://github.com/ansible/ansible/commit/291f94934c8c49eef85e6539087f2dfcd001fe4f
- https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a
- https://github.com/ansible/ansible/commit/714cd2ad2eff7f003d728414afcb91591fad5d9a
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
- https://github.com/advisories/GHSA-j667-c2hm-f2wp
- https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes-3
- https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#security-fixes-4
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-6
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-4.yaml
- https://www.debian.org/security/2021/dsa-4950
Packages
- ansible: affected < 2.8.14; fixed in 2.8.14
- ansible: affected >= 2.9.0a1, < 2.9.12; fixed in 2.9.12
- ansible: affected >= 2.10.0a1, < 2.10.1rc2; fixed in 2.10.1rc2
EPSS
CVSS4: 6.8 Medium
CVSS3: 5.5 Medium
CVE ID: CVE-2020-14332
Weaknesses
Related vulnerabilities
A vulnerability in the Ansible configuration management system, related to improper handling of output data for log files, that allows an attacker to gain access to confidential data