What is CVE-2020-1746?

CVE-2020-1746 is a medium-severity vulnerability in Red Hat Ansible, classified under Information Disclosure. CVSS score: 5.0/10. Published 2020-05-12.

How severe is CVE-2020-1746?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Is CVE-2020-1746 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Red Hat Ansible

CVE-2020-1746

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr…

Vulnerability class: Information Disclosure

EPSS: 0.001 (30.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Red Hat Ansible — versions ansible-engine versions 2.7.x before 2.7.17, ansible-engine versions 2.8.x before 2.8.11, ansible-engine versions 2.9.x before 2.9.7

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

n0-traces/cve_

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
github.com/ansible/ansible/pull/67866 (x_refsource_CONFIRM)
DSA-4950 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2020-1746?: CVE-2020-1746 is a medium-severity vulnerability in Red Hat Ansible, classified under Information Disclosure. CVSS score: 5.0/10. Published 2020-05-12.
How severe is CVE-2020-1746?: Medium severity. CVSS v3 base score is 5.0 out of 10.
Is CVE-2020-1746 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.