CVE-2021-3620: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
debian	ansible	< ansible 5.4.0-1 (bookworm)	ansible 5.4.0-1 (bookworm)
debian	ansible-core	< ansible 5.4.0-1 (bookworm)	ansible 5.4.0-1 (bookworm)
msrc	cm1_ansible_2.9.27-1_on_cbl_mariner_1.0	—	—
redhat	ansible	>= 0 < 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
redhat	ansible	>= 0 < 5.4.0-1	5.4.0-1
redhat	ansible	>= 0 < 5.4.0-1	5.4.0-1
redhat	ansible	>= 0 < 5.4.0-1	5.4.0-1
redhat	ansible	>= 0 < 2.9.27	2.9.27
redhat	ansible	>= 0 < 2.0.0.2-2ubuntu1.3+esm1	2.0.0.2-2ubuntu1.3+esm1
redhat	ansible	>= 0 < 2.5.1+dfsg-1ubuntu0.1+esm1	2.5.1+dfsg-1ubuntu0.1+esm1
redhat	ansible	>= 0 < 2.9.6+dfsg-1ubuntu0.1~esm1	2.9.6+dfsg-1ubuntu0.1~esm1
redhat	ansible	>= 0 < 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1	2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1
redhat	ansible_automation_platform_early_access	—	—
redhat	ansible_automation_platform_early_access	—	—
redhat	ansible_engine	< 2.9.27	2.9.27
redhat	enterprise_linux	—	—
redhat	enterprise_linux_for_power_little_endian	—	—
redhat	openstack	—	—
redhat	openstack	—	—
redhat	virtualization	—	—
redhat	virtualization_for_ibm_power_little_endian	—	—
redhat	virtualization_host	—	—
redhat	virtualization_manager	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

osv5.5MEDIUM