Description
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Report
Red Hat Gluster Storage 3 no longer maintains its own version of Ansible. The prerequisite is to enable the Ansible repository in order to consume the latest version of Ansible, which has many bug and security fixes. Red Hat Ceph Storage 2 provides bug fixes only when requested by a customer, and after discussion with engineering about the viability of a fix, this issue will not be fixed there. Red Hat Ceph Storage 3 does not directly ship ansible, and the issue is therefore closed as won't fix. Red Hat Virtualization ships an affected version of ansible; however, the use of ansible on the redhat-virtualization-host is only supported for self-hosted-engine installation and disaster recovery, where it is run locally. As such, the impact is rated Moderate.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 1.2 | Ansible | Affected | | |
Red Hat Ceph Storage 2 | ansible | Affected | | |
Red Hat Ceph Storage 3 | ansible | Affected | | |
Red Hat Storage 3 | ansible | Will not fix | | |
Red Hat Ansible Automation Platform 2.0 for RHEL 8 | ansible | Fixed | RHSA-2021:3874 | 14.10.2021 |
Red Hat Ansible Automation Platform 2.0 for RHEL 8 | ansible-core | Fixed | RHSA-2021:3874 | 14.10.2021 |
Red Hat Ansible Engine 2.9 for RHEL 7 | ansible | Fixed | RHSA-2021:3871 | 14.10.2021 |
Red Hat Ansible Engine 2.9 for RHEL 8 | ansible | Fixed | RHSA-2021:3871 | 14.10.2021 |
Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2021:3872 | 14.10.2021 |
Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2021:3872 | 14.10.2021 |
Additional information
Status:
EPSS
CVSS3: 5.5 Medium