Lucene search
K

20 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.4 views

CVE-2026-11820

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.26 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00128EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 7:53 p.m.5 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51587

Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description In the plugins/modules/nexmo.py module, the api key and api secret variables are marked as no log=True to prevent them from being logged. However, these credentials are URL-encoded and includ...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine 2.9.18, where sensitive information is not masked by default, and the nolog feature is not protected when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The greatest threat posed by this...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15840

Malware in sbrugna...

6.3CVSS6.5AI score0.00299EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-20191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those...

5.5CVSS6.7AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2022/10/06 6:16 p.m.2 views

UBUNTU-CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

7.5CVSS7AI score0.00307EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2021/10/19 1:49 p.m.7 views

All Vulnerabilities for marketing4ecommerce.net Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| marketing4ecommerce.net ---|--- Open Bu...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/07/22 3:29 p.m.2 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5CVSS6.9AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/22 3:9 p.m.8 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5CVSS6.9AI score0.00333EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/06/04 7:0 a.m.4 views

A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

...

5.5CVSS9.5AI score0.00347EPSS
Exploits0
OSV
OSV
added 2021/05/26 9:15 p.m.3 views

ALPINE-CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS6.4AI score0.00347EPSS
Exploits0References1
PyPA
PyPA
added 2021/04/29 4:15 p.m.8 views

PYSEC-2021-1

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

7.5CVSS6.4AI score0.02043EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2021/04/22 9:8 p.m.2 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5CVSS6.9AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/04/22 9:7 p.m.3 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5CVSS6.9AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2021/04/01 6:15 p.m.3 views

DEBIAN-CVE-2021-3447

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5CVSS7.1AI score0.00333EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/02/24 5:47 p.m.6 views

ansible: multiple modules expose secured values

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS6.8AI score0.00347EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/24 5:47 p.m.4 views

ansible: user data leak in snmp_facts module

A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by nolog feature when using the snmpfacts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data...

5.5CVSS6.8AI score0.00337EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/24 5:47 p.m.4 views

ansible: multiple modules expose secured values

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS6.8AI score0.00347EPSS
Exploits0References4
Rows per page
Query Builder