CVE-2021-20191

Published: 26 May 2021

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
ansible Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191
https://bugzilla.redhat.com/show_bug.cgi?id=1916813
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›