CVE-2020-14332

MEDIUM5.5EPSS 0.24%

Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible

Published: 2/9/2022Modified: 4/28/2026

Description

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

Affected packages (5)

Alpine/ansiblefrom 0, < 2.8.15-r0
Alpine/ansible-basefrom 0, < 2.9.13-r0
Debian/ansiblefrom 0, < 2.9.13+dfsg-1
PyPI/ansiblefrom 0, < 2.8.14
PyPI/ansible>= 2.8.0, < 2.8.14, >= 2.9.0, < 2.9.12

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (15)

ADVISORYhttps://github.com/advisories/GHSA-j667-c2hm-f2wp
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14332
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2020-14332
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-14332
PATCHhttps://github.com/ansible/ansible
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
WEBhttps://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes-3
WEBhttps://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#security-fixes-4
WEBhttps://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-6
WEBhttps://github.com/ansible/ansible/commit/291f94934c8c49eef85e6539087f2dfcd001fe4f
WEBhttps://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a
WEBhttps://github.com/ansible/ansible/commit/714cd2ad2eff7f003d728414afcb91591fad5d9a
WEBhttps://github.com/ansible/ansible/pull/71033
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-4.yaml
WEBhttps://www.debian.org/security/2021/dsa-4950