CVE-2020-10698 Information

Description

A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However critical data should not be disclosed as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4 Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1818924

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.3