QwikSec

Security Database

CVE

CWE

Training

CVE-2021-20178

Published: May 26, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Vendor	Product	Versions
n/a	Ansible	affected `before 2.9.18`

Weaknesses (CWE)

References

FEDORA-2021-e9478617ae

vendor-advisory

FEDORA-2021-9a0903469c

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1914774

https://github.com/ansible-collections/community.general/pull/1635%2C

https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C

[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.