Description
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Related CPE's
a
redhat
ansible_engine
3
Vulnerable
Vulnerable
Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1925002
Issue TrackingThird Party Advisory
https://github.com/ansible/ansible/pull/73487
PatchThird Party Advisory
https://www.debian.org/security/2021/dsa-4950
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2021-04-29T16:15:09.737
4 years agoLast modified
2023-11-07T03:29:01.053
1 year ago