Your submission was sent successfully! Close

CVE-2021-20191

Published: 26 May 2021

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ansible
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)