Vulnerability Description
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Engine | >= 2.8.0, < 2.8.14 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332Issue TrackingVendor Advisory
- https://github.com/ansible/ansible/pull/71033PatchThird Party Advisory
- https://www.debian.org/security/2021/dsa-4950Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332Issue TrackingVendor Advisory
- https://github.com/ansible/ansible/pull/71033PatchThird Party Advisory
- https://www.debian.org/security/2021/dsa-4950Third Party Advisory
FAQ
What is CVE-2020-14332?
CVE-2020-14332 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unaut...
How severe is CVE-2020-14332?
CVE-2020-14332 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14332?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Engine, Debian Debian Linux.