CVE-2020-10698 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2020-10698?

CVE-2020-10698 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-10698?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Tower.

Vulnerability Description

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ansible Tower	< 3.4.6

Related Weaknesses (CWE)

CWE-200

References

https://bugzilla.redhat.com/show_bug.cgi?id=1818924Issue TrackingPatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1818924Issue TrackingPatchVendor Advisory

FAQ

What is CVE-2020-10698?

CVE-2020-10698 is a vulnerability with a CVSS score of 3.3 (LOW). A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed....

How severe is CVE-2020-10698?

CVE-2020-10698 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10698?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Tower.