5.5
CVE-2021-3620
- EPSS 0.2%
- Veröffentlicht 03.03.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:00
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Automation Platform Early Access Version2.0
Redhat ≫ Ansible Engine Version < 2.9.27
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization For Ibm Power Little Endian Version4.0
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Virtualization Manager Version4.4
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.424 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.