vulnerability
Ubuntu: (CVE-2020-14330): ansible vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Sep 11, 2020 | Jun 26, 2025 | Aug 18, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 11, 2020
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
Solution
no-fix-ubuntu-package
References
- CVE-2020-14330
- https://attackerkb.com/topics/CVE-2020-14330
- CWE-532
- URL-https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
- URL-https://github.com/ansible/ansible/issues/68400
- URL-https://github.com/ansible/ansible/pull/69653
- URL-https://www.cve.org/CVERecord?id=CVE-2020-14330
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.