Information disclosure in Red Hat Ansible
CVE-2020-1753
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive par…
Vulnerability class: Information Disclosure
EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Red Hat Ansible — versions all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11, all Ansible 2.9.x versions prior to 2.9.7
Weakness classification (CWE)
Public proof-of-concept exploits
References
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- github.com/ansible-collections/kubernetes/pull/51 (x_refsource_CONFIRM)
- FEDORA-2020-1b6ce91e37 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2020-3990f03ba3 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2020-f80154b5b4 (vendor-advisory, x_refsource_FEDORA)
- GLSA-202006-11 (vendor-advisory, x_refsource_GENTOO)
- DSA-4950 (vendor-advisory, x_refsource_DEBIAN)
Frequently asked questions
- What is CVE-2020-1753?
- CVE-2020-1753 is a medium-severity vulnerability in Red Hat Ansible, classified under Information Disclosure. CVSS score: 5.0/10. Published 2020-03-16.
- How severe is CVE-2020-1753?
- Medium severity. CVSS v3 base score is 5.0 out of 10.
- Is CVE-2020-1753 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.