Описание
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Tower 3 | ansible | Out of support scope | ||
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-operator-bundle | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-rhel7-operator | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Automation Platform 1.2 for RHEL 7 | ansible-automation-platform/platform-resource-runner-rhel7 | Fixed | RHSA-2021:1079 | 09.04.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2021:0664 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2021:0663 | 24.02.2021 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | ansible | Fixed | RHSA-2021:2180 | 01.06.2021 |
| Red Hat Virtualization Engine 4.4 | ansible | Fixed | RHSA-2021:2180 | 01.06.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine 2.9.18 where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...
EPSS
5 Medium
CVSS3