7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
51.1%
software: ansible 2.9.27
WASP: ROSA-CHROME
package_evr_string: ansible-2.9.27-1.src.rpm
CVE-ID: CVE-2021-20178
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat posed by this vulnerability is privacy related.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ansible
CVE-ID: CVE-2021-20180
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A bug was discovered in the ansible module where default credentials are exposed in the console log and are not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat posed by this vulnerability is privacy related.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ansible
CVE-ID: CVE-2021-20191
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An error has been detected in ansible. Credentials such as secrets are exposed in the console log by default and are not protected by the no_log feature when using these modules. An attacker could use this information to steal these credentials. The biggest threat from this vulnerability is data privacy.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ansible
CVE-ID: CVE-2022-3697
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A bug was discovered in Ansible in the amazon.aws collection when using the Tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to exploit this issue because the module handles the parameter insecurely, resulting in a password leak in the logs.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ansible
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
51.1%