CVE-2021-3620 — Information Exposure via Error Message in Redhat Ansible Engine
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 47.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 3
Latest updateJun 7
Description
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages10 packages
Also affects: Enterprise Linux 8.0
Patches
🔴Vulnerability Details
4OSV▶
CVE-2021-3620: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by defau↗2022-03-03
CVEList▶
CVE-2021-3620: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by defau↗2022-03-03
📋Vendor Advisories
4Microsoft▶
A flaw was found in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thre↗2022-03-08
Red Hat
▶
Debian▶
CVE-2021-3620: ansible - A flaw was found in Ansible Engine's ansible-connection module, where sensitive ...↗2021