Main Vulnerability Database SB2020102017

SB2020102017 - Input validation error in ansible-base (Alpine package)

Published: October 20, 2020

Security Bulletin ID SB2020102017

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-14330)

The vulnerability allows a local authenticated user to gain access to sensitive information.

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1c91c42488dbe0f50748aa289bb20c5c4c29be2c