diff --git a/security.md b/security.md index 64f9c623ad..3bf09e287b 100644 --- a/security.md +++ b/security.md @@ -15,6 +15,7 @@ The policy of the project is to treat all newly reported issues as private, and All security advisories made for Foreman are listed below with their corresponding [CVE identifier](https://cve.mitre.org/). +* [CVE-2020-14334: World readable cache directory on RPM installs](security.html#2020-14334) * [CVE-2019-14825: Registry credentials are captured in plain text in dynflow task during repository discovery](security.html#2019-14825) * [CVE-2019-10198: Information disclosure in foreman tasks plugin](security.html#2019-10198) * [CVE-2019-3845: Lack of access control around Qpid message broker](security.html#2019-3845) @@ -80,6 +81,21 @@ All security advisories made for Foreman are listed below with their correspondi ### Disclosure details +#### CVE-2020-14334: World readable cache could expose sensitive settigs +Even encrypted settings have their raw values cached. Too permissive mode on cache dir caused, that anyone with access to the hosting system could read this encrypted settings. + +*Mitigation:* override directory mode to `750`. +To do so, create a file `/etc/tmpfiles.d/foreman.conf` with following content and reboot the system. +``` +d /run/foreman 0750 foreman foreman - +``` + +Additionaly it's better to rotate the OAuth keys and Remote Execution passwords + +* Affects RPM installations using file cache since Foreman 1.3 +* Fix released in Foreman 2.2.0, 2.1.1 and 2.0.2 and higher +* Redmine issue [#30490](https://projects.theforeman.org/issues/30490) + #### CVE-2019-14825: Registry credentials are captured in plain text in dynflow task during repository discover A cleartext password storage issue was discovered in Katello. Registry credentials used during container image discovery were inadvertently logged without being masked. This could expose the registry credentials to other privileged users.
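Review bot: The index entry added in the first hunk calls the advisory "World readable cache directory on RPM installs", but the heading added for the same CVE in the second hunk reads "World readable cache could expose sensitive settigs". Use one title in both places so that a reader following the `security.html#2020-14334` link lands on a heading that matches the entry they clicked.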
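Review bot: The description in the second hunk does not make clear what is exposed. It says "Even encrypted settings have their raw values cached" and then that anyone with access to the host "could read this encrypted settings", so a reader cannot tell whether the cache holds plaintext or ciphertext. State that explicitly, since it determines how urgent the rotation advice is. The mitigation also only covers "reboot the system"; consider adding the step for correcting the mode of the existing `/run/foreman` on hosts that cannot be rebooted right away, and saying whether rotating the OAuth keys and Remote Execution passwords is still advised after upgrading to a fixed release. Wording fixes in the same hunk: "settigs" should be "settings", "Additionaly" should be "Additionally", "caused, that anyone" should be "meant that anyone", "this encrypted settings" should be "these encrypted settings", and the rotation sentence is missing its final period.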