A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Affected Packages

PyPI ansible

Affected versions: 0 (fixed in 2.9.18)

Related CVEs

CVE-2021-20178

Key Information

GHSA ID

GHSA-wv5p-gmmv-wh9v

Published

June 1, 2021 9:53 PM

Last Modified

November 18, 2024 4:26 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

ansible

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.