CVE-2020-10782 — MEDIUM (6.5)

Vulnerability Description

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ansible Tower	3.7.0

Related Weaknesses (CWE)

CWE-732 CWE-200 CWE-276

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782Issue Tracking

FAQ

What is CVE-2020-10782?

CVE-2020-10782 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, wh...

How severe is CVE-2020-10782?

CVE-2020-10782 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10782?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Tower.