A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

🗓️ 04 Jun 2021 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

A flaw in the Ansible module leaks Bitbucket pipeline credentials in logs, risking confidentiality.

Reporter	Title	Published	Views	Family All 137
Tenable Nessus	Amazon Linux 2 : ansible (ALAS-2021-1613)	19 Mar 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ansible (ALASANSIBLE2-2023-004)	27 Sep 202300:00	–	nessus
Tenable Nessus	Fedora 32 : ansible (2021-9a0903469c)	2 Mar 202100:00	–	nessus
Tenable Nessus	Fedora 33 : ansible (2021-e9478617ae)	2 Mar 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : ansible (openSUSE-SU-2022:0081-1)	17 Mar 202200:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.18) (Moderate) (RHSA-2021:0663)	24 Feb 202100:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.18) (Moderate) (RHSA-2021:0664)	24 Feb 202100:00	–	nessus
Tenable Nessus	RHEL 8 : RHV Engine and Host Common Packages security update [ovirt-4.4.6] (Moderate) (RHSA-2021:2180)	1 Jun 202100:00	–	nessus
Tenable Nessus	SUSE SLES15 : Important security update for SUSE Manager Client Tools (SUSE-SU-2022:3178-1)	9 Sep 202200:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-20178	11 Aug 202500:00	–	nessus

Vulners

Node

microsoft cm1_ansible_2.9.18-1Range<2.9.18-1

04 Jun 2021 07:00Current

9.5High risk

Vulners AI Score9.5

CVSS 22.1

CVSS 3.15.5

EPSS0.00028

Ansible module Bitbucket pipeline Credentials leak Log disclosure Confidentiality risk