CVE-2021-20191 – ansible: multiple modules expose secured values
https://notcve.org/view.php?id=CVE-2021-20191
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1916813 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html https://access.redhat.com/security/cve/CVE-2021-20191 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-25635
https://notcve.org/view.php?id=CVE-2020-25635
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. Se encontró un fallo en Ansible Base al usar el plugin de conexión aws_ssm, ya que la recolección de basura no está pasando después de que el playbook se haya completado. Los archivos permanecerían en el bucket exponiendo los datos. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635 https://github.com/ansible-collections/community.aws/issues/222 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2020-25636
https://notcve.org/view.php?id=CVE-2020-25636
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. Se encontró un fallo en Ansible Base cuando se usa el plugin de conexión aws_ssm, ya que no posee una separación de espacios de nombres para las transferencias de archivos. Los archivos se escriben directamente en el bucket root, haciendo posible tener colisiones cuando se ejecutan múltiples procesos de ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25636 https://github.com/ansible-collections/community.aws/issues/221 • CWE-377: Insecure Temporary File CWE-552: Files or Directories Accessible to External Parties •