CVE-2020-14329: Infoleak
First published: Tue Jul 14 2020(Updated: )
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ansible_tower | <3.7.2 | 3.7.2 |
| Redhat Ansible Tower | <3.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14329?
CVE-2020-14329 is a data exposure flaw in Ansible Tower where sensitive data can be exposed from the /api/v2/labels/ endpoint.
How does CVE-2020-14329 impact Ansible Tower?
CVE-2020-14329 allows users from other organizations to retrieve any label from the organization and disclose organization names.
What is the severity of CVE-2020-14329?
CVE-2020-14329 has a severity value of 3.3, which is categorized as medium.
How can I fix CVE-2020-14329?
To fix CVE-2020-14329, upgrade Ansible Tower to version 3.7.2 or later.
Where can I find more information about CVE-2020-14329?
You can find more information about CVE-2020-14329 on the Red Hat Security Advisory RHSA-2020:3328, the Red Hat CVE page, and the Bugzilla page.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14329
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat ansible tower
- package-manager/redhat