Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2021/06/01 9:53 p.m.66 views

Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.2AI score0.00337EPSS
Exploits0References14Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/06/01 12:0 a.m.47 views

RHEL 8 : RHV Engine and Host Common Packages security update [ovirt-4.4.6] (Moderate) (RHSA-2021:2180)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2180 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References14
OSV
OSV
added 2021/05/26 12:15 p.m.31 views

PYSEC-2021-106

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.5AI score0.00337EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/05/26 12:0 a.m.22 views

CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS7AI score0.00337EPSS
Exploits0
Amazon
Amazon
added 2021/03/18 1:13 a.m.46 views

Medium: ansible

Issue Overview: A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by nolog feature when using the snmpfacts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this...

5.5CVSS5.7AI score0.00347EPSS
Exploits0
Veracode
Veracode
added 2021/02/25 6:28 a.m.26 views

Information Disclosure

ansible is vulnerable to information disclosure. The vulnerability exists because bitbucketpipeline credentials are not masked in the console log by default when bitbucketpipelinevariable module is in use...

5.5CVSS2.1AI score0.003EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder