CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:*

History

28 Dec 2023, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html -

03 Jun 2021, 13:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 5.5
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1916813 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1916813 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

26 May 2021, 21:22

Type Values Removed Values Added
CWE CWE-532

26 May 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 21:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-20191

Mitre link : CVE-2021-20191

CVE.ORG link : CVE-2021-20191


JSON object : View

Products Affected

redhat

  • community_network_collection
  • community_general_collection
  • docker_community_collection
  • ansible
  • ansible_tower
  • google_cloud_platform_ansible_collection
  • cisco_nx-os_collection

oracle

  • virtualization
CWE
CWE-532

Insertion of Sensitive Information into Log File