CVE-2020-14332

CVSS v4.0

6.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ansible Engine (affected versions not specified)

Description A flaw was found in the Ansible Engine when using module args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. The issue is related to improper handling of log output, which can be exploited to gain access to confidential data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532CWE-117

Related Identifiers

ALT-PU-2020-2923

ALT-PU-2020-3006

ALT-PU-2021-1800

BDU:2022-00280

CVE-2020-14332

DSA-4950-1

GHSA-J667-C2HM-F2WP

OPENSUSE-SU-2022:0081-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

PYSEC-2020-4

RHSA-2020:3600

SUSE-SU-2020:3309-1

SUSE-SU-2024:1509-1

Affected Products

Alt Linux

Ansible Engine

Astra Linux

CVE-2020-14332

Weakness Enumeration

Related Identifiers

Affected Products

References · 185