CVE-2021-20228

Published: 29 April 2021

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
ansible Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
https://bugzilla.redhat.com/show_bug.cgi?id=1925002
https://github.com/ansible/ansible/pull/73487
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›