Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/23 7:53 p.m.5 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “nolog” feature. An...

5.5CVSS6.8AI score0.00333EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/01 1:23 p.m.6 views

ansible: basic.py no_log with fallback option

A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to...

7.5CVSS7.1AI score0.02043EPSS
Exploits0References5
OSV
OSV
added 2021/04/29 4:15 p.m.2 views

DEBIAN-CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

7.5CVSS7.8AI score0.02043EPSS
Exploits0References1
OSV
OSV
added 2021/04/29 4:15 p.m.7 views

AZL-6304 CVE-2021-20228 affecting package ansible for versions less than 2.12.1-1

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

7.5CVSS7.1AI score0.02043EPSS
Exploits0References1
OSV
OSV
added 2021/04/29 4:15 p.m.7 views

UBUNTU-CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

7.5CVSS7.1AI score0.02043EPSS
Exploits0References4
Rows per page
Query Builder