CVE-2021-3620

UNKNOWN
Published 2022-03-03T18:23:38.000Z

No CVSS data available

Description

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Available Exploits

No exploits available for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Ansible discloses sensitive information in traceback error message

GHSA-4r65-35qq-ch8j

Advisory Details

Ansible is an IT automation system that handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. A flaw was found in Ansible Engine's ansible-connection module where sensitive information, such as the Ansible user credentials, is disclosed by default in the traceback error message when Ansible receives an unexpected response from `set_options`. The highest threat from this vulnerability is to confidentiality.

Affected Packages

PyPI ansible
ECOSYSTEM: ≥0 <2.9.27

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Advisory provided by GitHub Security Advisory Database. Published: March 4, 2022, Modified: September 9, 2024

References

Published: 2022-03-03T18:23:38.000Z
Last Modified: 2025-02-13T16:28:25.255Z