{"id":"PYSEC-2020-4","details":"A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.","aliases":["CVE-2020-14332","GHSA-j667-c2hm-f2wp"],"modified":"2023-11-08T04:02:26.234115Z","published":"2020-09-11T18:15:00Z","references":[{"type":"WEB","url":"https://github.com/ansible/ansible/pull/71033"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j667-c2hm-f2wp"}],"affected":[{"package":{"name":"ansible","ecosystem":"PyPI","purl":"pkg:pypi/ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.8.0"},{"fixed":"2.8.14"},{"introduced":"2.9.0"},{"fixed":"2.9.12"}]}],"versions":["2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.8.10","2.8.11","2.8.12","2.8.13","2.9.0","2.9.1","2.9.2","2.9.3","2.9.4","2.9.5","2.9.6","2.9.7","2.9.8","2.9.9","2.9.10","2.9.11"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-4.yaml"}}],"schema_version":"1.7.3"}