CVE-2021-20228
Published: 29 April 2021
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
ansible Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needs triage
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|
|
|
Patches: Upstream: https://github.com/ansible/ansible/commit/0cdc410dce6658e93c06fa27e0100ddbb11e7015 Upstream: https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b |
||