CVE-2020-14332

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14332

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14332.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-14332

Aliases

Downstream

ALPINE-CVE-2020-14332

DEBIAN-CVE-2020-14332

DSA-4950-1

RHSA-2020:3600

SUSE-SU-2020:3309-1

SUSE-SU-2024:1509-1

UBUNTU-CVE-2020-14332

openSUSE-SU-2022:0081-1

openSUSE-SU-2024:10615-1

openSUSE-SU-2024:14244-1

openSUSE-SU-2024:14536-1

Related

Published

2020-09-11T18:15:13Z

Modified

2025-10-08T03:58:14.541044Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

2611867fd1dc387ceaa0ffb8ce0f030aafc2a859

Fixed

c404bd75ffa66a672b1fbf85fb46a5b3efbf326e

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9