Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-20191

UNKNOWN
Published 2021-05-26T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-20191. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Insertion of Sensitive Information into Log File in ansible

GHSA-8f4m-hccc-8qph

Advisory Details

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.

Affected Packages

PyPI ansible
ECOSYSTEM: ≥2.9.0a1 <2.9.18rc1
PyPI ansible
ECOSYSTEM: ≥0 <2.8.19rc1
PyPI ansible
ECOSYSTEM: ≥2.10.0a1 <2.10.7

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-20191
WEB https://github.com/ansible/ansible/pull/73488
WEB https://github.com/ansible/ansible/pull/73489
WEB https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0
WEB https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc
WEB https://access.redhat.com/security/cve/cve-2021-20191
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1916813
ADVISORY https://github.com/advisories/GHSA-8f4m-hccc-8qph
PACKAGE https://github.com/ansible/ansible
WEB https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml
WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Advisory provided by GitHub Security Advisory Database. Published: June 1, 2021, Modified: September 10, 2024

References

https://bugzilla.redhat.com/show_bug.cgi?id=1916813
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Published: 2021-05-26T00:00:00
Last Modified: 2024-08-03T17:30:07.571Z
Copied to clipboard!