Описание
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.
Отчет
The version of ansible shipped with Red Hat Gluster Storage (RHGS) 3 includes the vulnerable network/nxos/nxos_* modules. However, RHGS 3 no longer maintains its own version of Ansible, prerequisite is to enable ansible repository in order to consume the latest version of ansible which has many bug and security fixes.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Tower 3 | ansible | Out of support scope | ||
| Red Hat Storage 3 | ansible | Will not fix | ||
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-operator-bundle | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-rhel7-operator | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-runner-rhel7 | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | ansible | Fixed | RHSA-2021:2180 | 01.06.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS3
Связанные уязвимости
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
A flaw was found in ansible. Credentials, such as secrets, are being d ...
Insertion of Sensitive Information into Log File in ansible
EPSS
5 Medium
CVSS3