CVE-2020-14330
Severity
5.5MEDIUM
EPSS
0.1%
top 67.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 11
Latest updateFeb 9
Description
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 10.0
🔴Vulnerability Details
4OSV▶
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible↗2022-02-09
GHSA▶
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible↗2022-02-09
OSV▶
CVE-2020-14330: An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json ou↗2020-09-11
CVEList▶
CVE-2020-14330: An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json ou↗2020-09-11
📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2020-14330 ansible: masked keys for uri module are exposed into content and json output [openstack-rdo]↗2020-07-22
Bugzilla▶
CVE-2020-14330 ansible: masked keys for uri module are exposed into content and json output [openstack-rdo]↗2020-07-22
Bugzilla▶
CVE-2020-14330 ansible: masked keys for uri module are exposed into content and json output [fedora-all]↗2020-07-15
Bugzilla▶
CVE-2020-14330 ansible: masked keys for uri module are exposed into content and json output [epel-all]↗2020-07-15
Bugzilla▶
CVE-2020-14330 Ansible: masked keys for uri module are exposed into content and json output↗2020-07-14