Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20191

Опубликовано: 26 мая 2021
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия до 2.8.19 (исключая)
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия от 2.9.0 (включая) до 2.9.18 (исключая)
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия от 2.10.0 (включая) до 2.10.7 (исключая)
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:*
Версия до 1.4.0 (исключая)
cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*
Версия до 1.3.6 (исключая)
cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*
Версия от 2.0.0 (включая) до 2.0.1 (исключая)
cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*
Версия до 1.3.2 (исключая)
cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*
Версия от 2.0.0 (включая) до 2.0.1 (исключая)
cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:*
Версия до 1.2.2 (исключая)
cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00037
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532

Связанные уязвимости

ubuntu логотип

CVE-2021-20191

CVSS3: 5.5
ubuntu
больше 4 лет назад

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

redhat логотип

CVE-2021-20191

CVSS3: 5
redhat
около 5 лет назад

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

msrc логотип

CVE-2021-20191

CVSS3: 5.5
msrc
больше 4 лет назад

A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

debian логотип

CVE-2021-20191

CVSS3: 5.5
debian
больше 4 лет назад

A flaw was found in ansible. Credentials, such as secrets, are being d ...

github логотип

GHSA-8f4m-hccc-8qph

CVSS3: 5.5
github
больше 4 лет назад

Insertion of Sensitive Information into Log File in ansible

EPSS

Процентиль: 11%
0.00037
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532