CVE-2021-3620 - A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as

CVE-2021-3620

Summary

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

References

https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1975767

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

04-03-2022 - 13:42

Published

03-03-2022 - 19:15

Last modified

04-03-2022 - 13:42