exploitDog

CVE-2021-20180

Published: 13 Jan 2021
Source: redhat
CVSS3: 5
EPSS: Low

Description

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Report

The version of Ansible provided in Red Hat Gluster Storage 3 does not contain the vulnerable bitbucket module and is not affected by this vulnerability. However, Red Hat Gluster Storage 3 no longer maintains its own version of Ansible. The prerequisite is to enable the Ansible repository in order to consume the latest version of Ansible, which includes bug and security fixes.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ansible Tower 3 | ansible | Out of support scope | | |
| Red Hat Storage 3 | ansible | Not affected | | |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-operator-bundle | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-rhel7-operator | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-runner-rhel7 | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | ansible | Fixed | RHSA-2021:2180 | 01.06.2021 |

Additional information

Status: Moderate
Defect: CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1915808 module: bitbucket_pipeline_variable exposes secured values

EPSS

Percentile: 11%
0.00038
Low

CVSS3

5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 4 years ago

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVSS3: 5.5
nvd
almost 4 years ago

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVSS3: 5.5
debian
almost 4 years ago

A flaw was found in ansible module where credentials are disclosed in ...

CVSS3: 5.5
github
almost 4 years ago

Insertion of Sensitive Information into Log File in ansible

suse-cvrf
more than 3 years ago

Important security update for SUSE Manager Client Tools
