CVE-2020-10782: Infoleak
First published: Thu Jun 18 2020(Updated: )
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ansible Tower | =3.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10782?
CVE-2020-10782 is a vulnerability in Ansible version 3.7.0 that exposes sensitive information, such as tokens and other secrets, due to incorrect permissions on the rsyslog configuration file.
How does CVE-2020-10782 impact me?
CVE-2020-10782 can allow an attacker to read and expose sensitive information, posing a threat to confidentiality and potentially leading to further security breaches.
What software versions are affected by CVE-2020-10782?
Ansible version 3.7.0 is affected by CVE-2020-10782.
What is the severity of CVE-2020-10782?
The severity of CVE-2020-10782 is rated as medium with a CVSS score of 6.5.
How can I mitigate CVE-2020-10782?
To mitigate CVE-2020-10782, it is recommended to update Ansible to a version where the vulnerability is fixed and ensure proper permissions are set on the rsyslog configuration file.
- collector/nvd-index
- vendor/redhat
- canonical/redhat ansible tower
- version/redhat ansible tower/3.7.0