CVE-2021-3620

MEDIUM

Redhat Ansible Automation Platform Ea... - Error Information Exposure

Title source: rule

Description

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

References (4)

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 38.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-209
Status published

Affected Products (11)

redhat/ansible_automation_platform_early_access
redhat/ansible_engine < 2.9.27
redhat/openstack
redhat/openstack
redhat/virtualization
redhat/virtualization_for_ibm_power_little_endian
redhat/virtualization_host
redhat/virtualization_manager
redhat/enterprise_linux
redhat/enterprise_linux_for_power_little_endian
pypi/ansible < 2.9.27PyPI

Timeline

Published Mar 03, 2022
Tracked Since Feb 18, 2026