CVE-2021-3620

CVE-2021-3620

Name

CVE-2021-3620

Description

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
Release Notes	https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1975767
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Type

URI

Patch

https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0

Release Notes

https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1975767

secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:::::::*`	ansible_automation_platform_early_access	== None	== 2.0
`cpe:2.3:a:redhat:ansible_engine::::::::`	ansible_engine	>= None	< 2.9.27
`cpe:2.3:a:redhat:openstack:1:::::::*`	openstack	== None	== 1
`cpe:2.3:a:redhat:openstack:16.1:::::::*`	openstack	== None	== 16.1
`cpe:2.3:a:redhat:virtualization:4.0:::::::*`	virtualization	== None	== 4.0
`cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:::::::*`	virtualization_for_ibm_power_little_endian	== None	== 4.0
`cpe:2.3:a:redhat:virtualization_host:4.0:::::::*`	virtualization_host	== None	== 4.0
`cpe:2.3:a:redhat:virtualization_manager:4.4:::::::*`	virtualization_manager	== None	== 4.4
`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`	enterprise_linux	== None	== 8.0
`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*`	enterprise_linux_for_power_little_endian	== None	== 8.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:*

ansible_automation_platform_early_access

== None

== 2.0

cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*

ansible_engine

>= None

< 2.9.27

cpe:2.3:a:redhat:openstack:1:*:*:*:*:*:*:*

openstack

== None

== 1

cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*

openstack

== None

== 16.1

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

virtualization

== None

== 4.0

cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:*

virtualization_for_ibm_power_little_endian

== None

== 4.0

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

virtualization_host

== None

== 4.0

cpe:2.3:a:redhat:virtualization_manager:4.4:*:*:*:*:*:*:*

virtualization_manager

== None

== 4.4

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 8.0

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

enterprise_linux_for_power_little_endian

== None

== 8.0

References

Match rules

Vulnerable and fixed packages