Your submission was sent successfully! Close

CVE-2020-1746

Published: 12 May 2020

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.

Priority

Medium

CVSS 3 base score: 5.0

Status

Package Release Status
ansible
Launchpad, Ubuntu, Debian
bionic Needs triage

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Not vulnerable
(2.9.7+dfsg-1)
hirsute Not vulnerable
(2.9.7+dfsg-1)
impish Not vulnerable
(2.9.7+dfsg-1)
jammy Not vulnerable
(2.9.7+dfsg-1)
precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)