Main Vulnerability Database Vulnerabilities #VU29197

Information disclosure in Ansible Tower - CVE-2020-10782

Published: June 22, 2020

Vulnerability identifier: #VU29197

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-10782

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ansible Tower

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the rsyslog configuration file, which has set the wrong world-readable permissions. A remote attacker can gain unauthorized access to sensitive information on the system, such as Splunk tokens.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782

Information disclosure in Ansible Tower - CVE-2020-10782

Description

Remediation

External links

Please verify you're human