← Back

CVE-2021-20191

nvd nist
Published: May 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Affected (12)

Oracle
1 product
Virtualization
Redhat
7 products
Ansible
Ansible Tower
Cisco Nx Os Collection
Community General Collection
Community Network Collection
Docker Community Collection
Google Cloud Platform Ansible Collection
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Virtualization
Version 4.0
Redhat
Ansible
Before 2.8.19
Ansible
From 2.10.0 to 2.10.7
Ansible
From 2.9.0 to 2.9.18
Ansible Tower
Version 3.0
Cisco Nx Os Collection
Before 1.4.0
Redhat
Community General Collection
Before 1.3.6
Community General Collection
From 2.0.0 to 2.0.1
Redhat
Community Network Collection
Before 1.3.2
Community Network Collection
From 2.0.0 to 2.0.1
Docker Community Collection
Before 1.2.2
Google Cloud Platform Ansible Collection
Version 1.0.2

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.