Описание
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data confidentiality.
Отчет
The version of ansible shipped with Red Hat Gluster Storage (RHGS) 3 includes the vulnerable snmp module. However, RHGS 3 no longer maintains its own version of Ansible, prerequisite is to enable ansible repository in order to consume the latest version of ansible which has many bug and security fixes.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Tower 3 | ansible | Out of support scope | ||
| Red Hat Storage 3 | ansible | Will not fix | ||
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-operator-bundle | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-rhel7-operator | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-runner-rhel7 | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | ansible | Fixed | RHSA-2021:2180 | 01.06.2021 |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS3
Связанные уязвимости
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
A flaw was found in ansible module where credentials are disclosed in ...
Insertion of Sensitive Information into Log File in ansible
5 Medium
CVSS3