Back to search
CVE-2020-14337
Published: Jul 31, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.
| Vendor | Product | Versions |
|---|---|---|
n/a | Ansible Tower | affected Ansible Tower 3.7.1 as well as previous versions are affected. |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1859139
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now