module: bitbucket_pipeline_variable exposes secured values

🗓️ 01 Jun 2021 13:23:55Reported by RedHatType

A flaw in the ansible module exposes credentials in the console log when using the bitbucket_pipeline_variable module, risking confidentiality.

Reporter	Title	Published	Views	Family All 128
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	23 Aug 202222:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ansible bundled with IBM Spectrum Fusion HCI	29 Sep 202222:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services	26 Mar 202503:34	–	ibm
Tenable Nessus	Amazon Linux 2 : ansible (ALAS-2021-1613)	19 Mar 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ansible (ALASANSIBLE2-2023-004)	27 Sep 202300:00	–	nessus
Tenable Nessus	Fedora 32 : ansible (2021-9a0903469c)	2 Mar 202100:00	–	nessus
Tenable Nessus	Fedora 33 : ansible (2021-e9478617ae)	2 Mar 202100:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : ansible (openSUSE-SU-2022:0081-1)	17 Mar 202200:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.18) (Moderate) (RHSA-2021:0663)	24 Feb 202100:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.18) (Moderate) (RHSA-2021:0664)	24 Feb 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	8	any	ansible	0:2.9.18-1.el8ae	ansible-0:2.9.18-1.el8ae.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2021-20180
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-20180
cve	www.cve.org/CVERecord

21 Nov 2025 18:22Current

6.8Medium risk

Vulners AI Score6.8

CVSS 22.1

CVSS 3.15.5

EPSS0.00038