#VU47114 Input validation error - CVE-2020-14330
Published: September 11, 2020 / Updated: September 26, 2020
Vulnerability identifier: #VU47114
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-14330
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a local authenticated user to gain access to sensitive information.
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
Remediation
Install update from vendor's website.