Lucene search

K

[email protected]NVD:CVE-2021-20191

HistoryMay 26, 2021 - 9:15 p.m.

CVE-2021-20191

2021-05-2621:15:08

CWE-532

[email protected]

web.nvd.nist.gov

8

credentials disclosure

data confidentiality

ansible vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

15.6%

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Affected configurations

Nvd

Node

oraclevirtualizationMatch4.0

OR

redhatansibleRange<2.8.19

OR

redhatansibleRange2.9.0–2.9.18

OR

redhatansibleRange2.10.0–2.10.7

OR

redhatansible_towerMatch3.0

OR

redhatcisco_nx-os_collectionRange<1.4.0

OR

redhatcommunity_general_collectionRange<1.3.6ansible

OR

redhatcommunity_general_collectionRange2.0.0–2.0.1ansible

OR

redhatcommunity_network_collectionRange<1.3.2ansible

OR

redhatcommunity_network_collectionRange2.0.0–2.0.1ansible

OR

redhatdocker_community_collectionRange<1.2.2ansible

OR

redhatgoogle_cloud_platform_ansible_collectionMatch1.0.2

References

bugzilla.redhat.com/show_bug.cgi?id=1916813

lists.debian.org/debian-lts-announce/2023/12/msg00018.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

15.6%

Related for NVD:CVE-2021-20191

debiancve1 ubuntucve1 osv4 cvelist1 prion1 veracode1 redhatcve1 cbl_mariner1 github1 alpinelinux1 cve1 archlinux1 mageia2 amazon1 nessus9 openvas7 fedora2 redhat7 rosalinux1 photon1 suse2 debian1