Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-20178

Опубликовано: 26 мая 2021
Источник: debian

Описание

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ansiblefixed2.10.7-1package
ansibleend-of-lifestretchpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1914774

  • https://github.com/ansible-collections/community.general/pull/1621

  • https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3

Связанные уязвимости

ubuntu логотип

CVE-2021-20178

CVSS3: 5.5
ubuntu
больше 4 лет назад

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

redhat логотип

CVE-2021-20178

CVSS3: 5
redhat
около 5 лет назад

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

nvd логотип

CVE-2021-20178

CVSS3: 5.5
nvd
больше 4 лет назад

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

msrc логотип

CVE-2021-20178

CVSS3: 5.5
msrc
больше 4 лет назад

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

github логотип

GHSA-wv5p-gmmv-wh9v

CVSS3: 5.5
github
больше 4 лет назад

Insertion of Sensitive Information into Log File in ansible