An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-06-18T12:49:07
Updated: 2020-07-20T17:04:05
Reserved: 2020-03-20T00:00:00
Link: CVE-2020-10782
JSON object: View
NVD Information
Status : Modified
Published: 2020-06-18T13:15:10.053
Modified: 2023-11-07T03:14:23.807
Link: CVE-2020-10782
JSON object: View
Redhat Information
No data.