CVE-2021-20191

Name
CVE-2021-20191
Description
A flaw was found in Ansible. Credentials, such as secrets, are disclosed in the console log by default and are not protected by the no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=1916813 |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:* | virtualization | == None | == 4.0 |
| cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* | ansible | >= None | < 2.8.19 |
| cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* | ansible | >= 2.9.0 | < 2.9.18 |
| cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* | ansible | >= 2.10.0 | < 2.10.7 |
| cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:* | ansible_tower | == None | == 3.0 |
| cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:* | cisco_nx-os_collection | >= None | < 1.4.0 |
| cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:* | community_general_collection | >= None | < 1.3.6 |
| cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:* | community_general_collection | >= 2.0.0 | < 2.0.1 |
| cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:* | community_network_collection | >= None | < 1.3.2 |
| cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:* | community_network_collection | >= 2.0.0 | < 2.0.1 |
| cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:* | docker_community_collection | >= None | < 1.2.2 |
| cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:* | google_cloud_platform_ansible_collection | == None | == 1.0.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| ansible | 3.13-main | 2.10.7-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| ansible | 3.12-main | 2.9.18-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| ansible | 3.11-main | 2.9.18-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| ansible | 3.10-main | 2.8.19-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| ansible | 3.14-main | 2.10.7-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |