CVE-2020-10782

Summary

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.

Affected Software

VendorProductVersion RangeStatus
Red HatAnsible TowerAffected: version 3.7.0affected
Red HatAnsible TowerFixed: version 3.7.1affected

Weaknesses

  • CWE-276: CWE-276
  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References