Published: 16/03/2022 Updated: 22/03/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an malicious user to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible

Debian Bug report logs - #985753 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 22 Mar 2021 21:57:04 UTC Severit ...

A flaw was found in ansible The 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module Attackers could take advantage of this information to steal the SNMP credentials The highest threat from this vulnerability is to data confidentiality (CVE-2021-20178) A flaw was found ...

A flaw was found in ansible-collection where credentials such as secrets are being disclosed in console log by default and not protected by secured feature when using bitbucket_pipeline_variable module An attacker can take advantage of this information to steal bitbucket_pipeline credentials ...

CWE-532 https://bugzilla.redhat.com/show_bug.cgi?id=1915808 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2021-1613.html

CVE-2021-20180

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect