CVE-2021-20191 (CVSS base score 5.5)
- EPSS 0.03%
- Published 26.05.2021 21:15:08
- Last modified 21.11.2024 05:46:06
- Source secalert@redhat.com
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Virtualization, Version 4.0
Redhat ≫ Ansible Tower, Version 3.0
Redhat ≫ Cisco Nx-os Collection, Version < 1.4.0
Redhat ≫ Community General Collection, SwPlatform ansible, Version < 1.3.6
Redhat ≫ Community General Collection, SwPlatform ansible, Version >= 2.0.0 < 2.0.1
Redhat ≫ Community Network Collection, SwPlatform ansible, Version < 1.3.2
Redhat ≫ Community Network Collection, SwPlatform ansible, Version >= 2.0.0 < 2.0.1
Redhat ≫ Docker Community Collection, SwPlatform ansible, Version < 1.2.2
Redhat ≫ Google Cloud Platform Ansible Collection, Version 1.0.2
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.068 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.