CVE-2020-14332
Description
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.149
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10744,CVE-2020-14332 are fixed in Python-ansible 2.9.12 | Windows |
| Vulnerabilities CVE-2020-14332 are fixed in Python-ansible 2.10.1rc2 | Windows |
| Vulnerabilities CVE-2020-14332 are fixed in Python-ansible 2.8.14 | Windows |
| ansible security update(DSA-4950-1) ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| ansible security update(DSA-4950-1) Debian_ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2020-10744,CVE-2020-14332 are fixed in Python-ansible for linux 2.9.12 | Linux |
| Vulnerabilities CVE-2020-14332 are fixed in Python-ansible for linux 2.10.1rc2 | Linux |
| Vulnerabilities CVE-2020-14332 are fixed in Python-ansible for linux 2.8.14 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234