CVE-2021-20191
ansible: multiple modules expose secured values
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in Ansible. When the affected modules are used, credentials such as secrets are disclosed in the console log by default and are not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before Ansible 2.9.18 are affected.
Timeline
- 2020-12-17 CVE Reserved
- 2021-02-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1916813 | 2021-06-01 | |
https://access.redhat.com/security/cve/CVE-2021-20191 | 2021-06-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Virtualization | 4.0 | - | Affected |
Redhat | Ansible | < 2.8.19 | - | Affected |
Redhat | Ansible | >= 2.9.0 < 2.9.18 | - | Affected |
Redhat | Ansible | >= 2.10.0 < 2.10.7 | - | Affected |
Redhat | Ansible Tower | 3.0 | - | Affected |
Redhat | Cisco Nx-os Collection | < 1.4.0 | - | Affected |
Redhat | Community General Collection | < 1.3.6 | ansible | Affected |
Redhat | Community General Collection | >= 2.0.0 < 2.0.1 | ansible | Affected |
Redhat | Community Network Collection | < 1.3.2 | ansible | Affected |
Redhat | Community Network Collection | >= 2.0.0 < 2.0.1 | ansible | Affected |
Redhat | Docker Community Collection | < 1.2.2 | ansible | Affected |
Redhat | Google Cloud Platform Ansible Collection | 1.0.2 | - | Affected |