What is CVE-2020-14330?

CVE-2020-14330 is a medium-severity vulnerability in Red Hat Ansible, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.0/10. Published 2020-09-11.

How severe is CVE-2020-14330?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Is CVE-2020-14330 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Red Hat Ansible

CVE-2020-14330

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to re…

EPSS: 0.002 (44.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Red Hat Ansible — versions 2.10.0

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-14330?: CVE-2020-14330 is a medium-severity vulnerability in Red Hat Ansible, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.0/10. Published 2020-09-11.
How severe is CVE-2020-14330?: Medium severity. CVSS v3 base score is 5.0 out of 10.
Is CVE-2020-14330 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.