CVE-2020-14330

MEDIUM Year: 2020
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

Related Vulnerabilities

CVE-2014-3536

MEDIUM
CVSS:5.5(Medium)

CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

CWE-5322014

CVE-2015-3243

MEDIUM
CVSS:5.5(Medium)

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

CWE-5322015

CVE-2016-4443

MEDIUM
CVSS:5.5(Medium)

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

CWE-5322016

CVE-2016-5967

MEDIUM
CVSS:5.5(Medium)

The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

CWE-5322016

CVE-2016-9985

MEDIUM
CVSS:5.5(Medium)

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

CWE-5322016

CVE-2017-2592

MEDIUM
CVSS:5.5(Medium)

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error messa...

CWE-5322017