CVE-2020-10698
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
Se encontró un fallo en Ansible Tower cuando se ejecutan trabajos. Este fallo permite a un atacante acceder a la salida estándar de los trabajos realizados que son ejecutados desde otras organizaciones. Algunos datos confidenciales pueden ser divulgados. Sin embargo, los datos críticos no deben divulgarse, ya que deben estar protegidos por el indicador no_log cuando la depuración está habilitada. Este fallo afecta a Ansible Tower versiones anteriores a 3.6.4, Ansible Tower versiones anteriores a 3.5.6 y Ansible Tower versiones anteriores a 3.4.6
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2021-05-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1818924 | 2022-06-15 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | < 3.4.6 Search vendor "Redhat" for product "Ansible Tower" and version " < 3.4.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | >= 3.5.0 < 3.5.6 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.5.0 < 3.5.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | >= 3.6.0 < 3.6.4 Search vendor "Redhat" for product "Ansible Tower" and version " >= 3.6.0 < 3.6.4" | - |
Affected
|