Vulnerability Details : CVE-2020-14329
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
Vulnerability category: Information leak
Products affected by CVE-2020-14329
- cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14329
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 9 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14329
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.8
|
1.4
|
NIST |
CWE ids for CVE-2020-14329
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: secalert@redhat.com (Primary)
References for CVE-2020-14329
-
https://bugzilla.redhat.com/show_bug.cgi?id=1856787
1856787 – (CVE-2020-14329) CVE-2020-14329 Tower: Sensitive Data Exposure on LabelIssue Tracking;Vendor Advisory
Jump to