ansible is vulnerable to information disclosure. The vulnerability exists as the svn command run by the subversion module does not allow a password to be passed securely, allowing the password to be read by a manged node at /proc//cmdline
.
bugzilla.redhat.com/show_bug.cgi?id=1802178
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
github.com/ansible/ansible/commit/b36f6897b4b959bc6306214f82a213a466d2cda6
github.com/ansible/ansible/issues/67797
github.com/ansible/ansible/pull/67829
lists.debian.org/debian-lts-announce/2020/05/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
www.debian.org/security/2021/dsa-4950