5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.1%
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
github.com/ansible-collections/kubernetes
github.com/ansible-collections/kubernetes/pull/51
lists.fedoraproject.org/archives/list/[email protected]/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW
lists.fedoraproject.org/archives/list/[email protected]/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S
lists.fedoraproject.org/archives/list/[email protected]/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB
nvd.nist.gov/vuln/detail/CVE-2020-1753
security.gentoo.org/glsa/202006-11
www.debian.org/security/2021/dsa-4950
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.1%