Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-20178

UNKNOWN
Published 2021-05-26T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-20178. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Insertion of Sensitive Information into Log File in ansible

GHSA-wv5p-gmmv-wh9v

Advisory Details

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Affected Packages

PyPI ansible
ECOSYSTEM: ≥0 <2.9.18

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-20178
WEB https://github.com/ansible-collections/community.general/pull/1635
WEB https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1914774
ADVISORY https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
WEB https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes
WEB https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C
WEB https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
WEB https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml
WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55

Advisory provided by GitHub Security Advisory Database. Published: June 1, 2021, Modified: November 18, 2024

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
https://bugzilla.redhat.com/show_bug.cgi?id=1914774
https://github.com/ansible-collections/community.general/pull/1635%2C
https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Published: 2021-05-26T00:00:00
Last Modified: 2024-08-03T17:30:07.440Z
Copied to clipboard!