A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Affected Packages

PyPI ansible

Affected versions: 2.8.0a1 (fixed in 2.8.19)

PyPI ansible

Affected versions: 2.9.0b1 (fixed in 2.9.18)

Related CVEs

CVE-2021-20180

Key Information

GHSA ID

GHSA-fh5v-5f35-2rv2

Published

March 17, 2022 12:00 AM

Last Modified

June 29, 2022 12:15 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

ansible

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:38 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.