Vulnerability Details : CVE-2020-14337
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.
Products affected by CVE-2020-14337
- cpe:2.3:a:redhat:ansible_tower:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14337
- 1.64%: probability of exploitation activity in the next 30 days
- ~80%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2020-14337
- The product generates an error message that includes sensitive information about its environment, users, or associated data.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2020-14337
- https://bugzilla.redhat.com/show_bug.cgi?id=1859139
  1859139 – (CVE-2020-14337) CVE-2020-14337 Tower: Named URLs allow for testing the presence or absence of objects (Issue Tracking; Vendor Advisory)