CVE-2021-20191

CWE-532 — Log File Information Exposure8 documents7 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 88.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Redhat Cisco Nx-os Collection Redhat Community General Collection +5 more

Timeline

PublishedMay 26

Latest updateJun 1

Description

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶PyPIansible2.9.0a1 — 2.9.18rc1+2

▶NVDredhat/ansible2.9.0 — 2.9.18+2

▶Debianansible< 2.10.7-1+3

▶CVEListV5ansibleansible 2.9.18

▶NVDredhat/ansible_tower3.0

🔴Vulnerability Details

OSV

Insertion of Sensitive Information into Log File in ansible↗2021-06-01

▶

GHSA

Insertion of Sensitive Information into Log File in ansible↗2021-06-01

▶

OSV

CVE-2021-20191: A flaw was found in ansible↗2021-05-26

▶

CVEList

CVE-2021-20191: A flaw was found in ansible↗2021-05-26

▶

📋Vendor Advisories

Microsoft

A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of t↗2021-05-11

▶

Red Hat

ansible: multiple modules expose secured values↗2021-01-15

▶

Debian

CVE-2021-20191: ansible - A flaw was found in ansible. Credentials, such as secrets, are being disclosed i...↗2021

▶