SUSE CVE-2021-3620

🗓️ 15 Feb 2023 03:48:55Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Vulnerability in Ansible Engine's ansible-connection module exposes credentials in traceback errors.

Reporter	Title	Published	Views	Family All 90
FreeBSD	Ansible -- Ansible user credentials disclosure in ansible-connection module	25 Jun 202100:00	–	freebsd
AstraLinux	Astra Linux – Vulnerability in Ansible	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability of the ansible-connection module in the Ansible Configuration Management system, related to the disclosure of information in error messages, allows a perpetrator to gain access to confidential data.	13 Sep 202400:00	–	bdu_fstec
CBLMariner	CVE-2021-3620 affecting package ansible 2.9.23-2	26 May 202219:04	–	cbl_mariner
Tenable Nessus	CentOS 9 : ansible-core-2.14.2-4.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	FreeBSD : Ansible -- Ansible user credentials disclosure in ansible-connection module (9a8514f3-2ab8-11ec-b3a1-8c164582fbac)	13 Oct 202100:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.27) (Important) (RHSA-2021:3871)	15 Oct 202100:00	–	nessus
Tenable Nessus	RHEL 7 / 8 : Ansible security update (2.9.27) (Important) (RHSA-2021:3872)	15 Oct 202100:00	–	nessus
Tenable Nessus	RHEL 8 : Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release (Important) (RHSA-2021:3874)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : RHV Engine and Host Common Packages security update [ovirt-4.4.9] (Important) (RHSA-2021:4703)	18 Nov 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	11.3	any	ansible	2.9.27-11.20.1	ansible-2.9.27-11.20.1.noarch.rpm
OpenSUSE Leap	15.3	any	ansible	2.9.27-150000.1.14.1	ansible-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Leap	15.4	any	ansible	2.9.27-150000.1.14.1	ansible-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	ansible	2.9.27-2.1	ansible-2.9.27-2.1.noarch.rpm
OpenSUSE Leap	15.3	any	ansible-doc	2.9.27-150000.1.14.1	ansible-doc-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Leap	15.4	any	ansible-doc	2.9.27-150000.1.14.1	ansible-doc-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	ansible-doc	2.9.27-2.1	ansible-doc-2.9.27-2.1.noarch.rpm
OpenSUSE Leap	15.3	any	ansible-test	2.9.27-150000.1.14.1	ansible-test-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Leap	15.4	any	ansible-test	2.9.27-150000.1.14.1	ansible-test-2.9.27-150000.1.14.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	ansible-test	2.9.27-2.1	ansible-test-2.9.27-2.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2021-3620
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1187725
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-September/012196.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2021-December/009930.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2022-September/012182.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html

31 May 2026 01:44Current

8.9High risk

Vulners AI Score8.9

CVSS 3.16.5

EPSS0.00384

Ansible Engine Connection module Credentials exposure Traceback error Confidentiality risk