x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2020-14332

[tatianab]

CVE-2020-14332 references github.com/ansible/ansible, which may be a Go module.

Description:
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-14332
• fix: copy - redact 'content' from invocation in check mode ansible/ansible#71033
• web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
• web: https://www.debian.org/security/2021/dsa-4950
• Imported by: https://pkg.go.dev/github.com/ansible/ansible?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/ansible/ansible
      vulnerable_at: 2.15.5+incompatible
      packages:
        - package: Ansible
cves:
    - CVE-2020-14332
references:
    - fix: https://github.com/ansible/ansible/pull/71033
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332
    - web: https://www.debian.org/security/2021/dsa-4950

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports