CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3620 – Ansible: ansible-connection module discloses sensitive info in traceback error message
https://notcve.org/view.php?id=CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el módulo ansible-connection de Ansible Engine, en el que información confidencial, como las credenciales de usuario de Ansible, es revelado por defecto en el mensaje de error de rastreo. La mayor amenaza de esta vulnerabilidad es la confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=1975767 https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html https://access.redhat.com/security/cve/CVE-2021-3620 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1842 – openstack-puppet-modules: pacemaker configured with default password
https://notcve.org/view.php?id=CVE-2015-1842
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. Puppet Manifests en el paquete openstack-puppet-modules de Red Hat anterior a 2014.2.13-2 utiliza una contraseño por defecto de CHANGEME para el demonio pcsd, lo que permite a atacantes remotos ejecutar comandos de shell arbitrarios a través de vectores no especificados. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. • http://rhn.redhat.com/errata/RHSA-2015-0789.html http://rhn.redhat.com/errata/RHSA-2015-0791.html http://rhn.redhat.com/errata/RHSA-2015-0830.html http://rhn.redhat.com/errata/RHSA-2015-0831.html http://rhn.redhat.com/errata/RHSA-2015-0832.html http://www.securityfocus.com/bid/74049 https://bugzilla.redhat.com/show_bug.cgi?id=1201875 https://access.redhat.com/security/cve/CVE-2015-1842 • CWE-255: Credentials Management Errors CWE-798: Use of Hard-coded Credentials •