ALASANSIBLE2-2023-004

Related Vulnerabilities: CVE-2021-20178   CVE-2021-20180   CVE-2021-20191  


Amazon Linux 2 Security Advisory: ALASANSIBLE2-2023-004
Advisory Release Date: 2023-08-21 21:01 Pacific
Advisory Updated Date: 2023-09-25 22:13 Pacific
Severity: Medium

Issue Overview:

A flaw was found in Ansible. The 'authkey' and 'privkey' credentials are disclosed by default and are not protected by the no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20178)

A flaw was found in an Ansible module where credentials are disclosed in the console log by default and are not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20180)

A flaw was found in Ansible. Credentials, such as secrets, are disclosed in the console log by default and are not protected by the no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20191)
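
The same no_log gap can exist in custom or vendored modules, so it is worth auditing them after updating. The following is an added example, not code from this advisory or from the Ansible project: it parses module source and lists secret-looking options in argument_spec that do not set no_log=True. The sample module text and the name heuristic are constructed assumptions.

```python
import ast
import re

# Heuristic for option names that usually carry secrets (assumption; tune locally).
SECRET_NAME = re.compile(r"(pass|secret|token|key|credential)", re.I)

# Constructed module fragment for illustration; not the real snmp_facts source.
SAMPLE_MODULE = '''
argument_spec = dict(
    host=dict(type="str", required=True),
    username=dict(type="str"),
    authkey=dict(type="str"),
    privkey=dict(type="str", no_log=False),
    api_token=dict(type="str", no_log=True),
)
'''

def _options(node):
    """Return (name, value_node) pairs from dict(a=...) or {"a": ...}."""
    if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "dict":
        return [(kw.arg, kw.value) for kw in node.keywords if kw.arg]
    if isinstance(node, ast.Dict):
        return [(k.value, v) for k, v in zip(node.keys, node.values)
                if isinstance(getattr(k, "value", None), str)]
    return []

def _no_log_enabled(spec):
    """True only if the option spec sets no_log to the literal True."""
    return any(n == "no_log" and isinstance(v, ast.Constant) and v.value is True
               for n, v in _options(spec))

def unprotected_secrets(source):
    """List secret-looking argument_spec options that lack no_log=True."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):      # argument_spec = dict(...)
            names, value = [getattr(t, "id", None) for t in node.targets], node.value
        elif isinstance(node, ast.keyword):   # AnsibleModule(argument_spec=...)
            names, value = [node.arg], node.value
        else:
            continue
        if "argument_spec" in names:
            findings.update(n for n, spec in _options(value)
                            if SECRET_NAME.search(n) and not _no_log_enabled(spec))
    return sorted(findings)

if __name__ == "__main__":
    print(unprotected_secrets(SAMPLE_MODULE))
```

The source is only parsed, never imported or executed, so it can be run over untrusted module files.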


Affected Packages:

ansible


Issue Correction:
Run yum update ansible to update your system.

New Packages:
noarch:
    ansible-2.9.18-1.amzn2.noarch
    ansible-doc-2.9.18-1.amzn2.noarch

src:
    ansible-2.9.18-1.amzn2.src