CVE-2020-14332
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Severity: 5.5 MEDIUM (CVSS 3.1)
EPSS: 0.24%
Description
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
How to fix CVE-2020-14332
To remediate CVE-2020-14332, upgrade the affected package to one of the fixed versions below.
- Upgrade to 2.8.15-r0 or later
- Upgrade to 2.9.13-r0 or later
- Upgrade to 2.9.13+dfsg-1 or later
- Upgrade to 2.8.14 or later
- Upgrade to 2.8.14 or later
Is CVE-2020-14332 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 2.8.15-r0
- from 0, < 2.9.13-r0
- from 0, < 2.9.13+dfsg-1
- from 0, < 2.8.14
- >= 2.8.0, < 2.8.14; >= 2.9.0, < 2.9.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |