CVE-2020-14332

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-14332
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14332.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-14332
Aliases
Downstream
Related
Published
2020-09-11T18:15:13.303Z
Modified
2026-03-13T00:25:52.451458Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
2611867fd1dc387ceaa0ffb8ce0f030aafc2a859
Fixed
c404bd75ffa66a672b1fbf85fb46a5b3efbf326e
Introduced
24325a05dfb9104d6d4ec8b488b89e07c2e6d376
Fixed
40091190b267a697e4061ba0d351236e91f5c0d2
Database specific 
{
    "versions": [
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.14"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.12"
        }
    ]
}

Affected versions

v2.*
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v2.9.1
v2.9.10
v2.9.11
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14332.json"