CVE-2021-20228
HIGH
Ansible Engine 2.9.18 - Exposure of Sensitive Information via Basic.py Module Sub-Option Feature
Title source: llm
Description
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
References (3)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1925002
Patch, Third Party Advisory x_refsource_misc
https://github.com/ansible/ansible/pull/73487
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4950
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (7)
debian/debian_linux
10.0
pypi/ansible
2.10.0a1 - 2.10.6rc1 (PyPI)
redhat/ansible_automation_platform
1.2
redhat/ansible_engine
2.9.18
redhat/ansible_engine
2.0
redhat/ansible_engine
2.9
redhat/ansible_tower
3.0
Published
Apr 29, 2021
Tracked Since
Feb 18, 2026