Your submission was sent successfully! Close

CVE-2021-3620

Published: 3 March 2022

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
ansible
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

trusty Needs triage

upstream
Released (2.11.6,2.10.15,2.9.27)
xenial Ignored
(out of standard support)
ansible-base
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Ignored
(reached end-of-life)
impish Needed

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)
ansible-core
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Not vulnerable
(2.12.0-1)
trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)