Auto-merge PR#4062

2025-06-19 17:32:41 +00:00 · 2020-06-18 08:50:12 -04:00 · 2020-06-18 08:50:12 -04:00 · 6b15fdca55
commit 6b15fdca55
parent 401f4946be ba889d9a93
1 changed files with 65 additions and 4 deletions
--- a/2020/10xxx/CVE-2020-10782.json
+++ b/2020/10xxx/CVE-2020-10782.json
@ -4,15 +4,76 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-10782",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psampaio@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Ansible Tower",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.7.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-276"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10782",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}