First published: Thu Jun 24 2021
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ansible | <0:2.9.27-1.el8a | 0:2.9.27-1.el8a |
redhat/ansible-core | <0:2.11.6-1.el8a | 0:2.11.6-1.el8a |
redhat/ansible | <0:2.9.27-1.el7ae | 0:2.9.27-1.el7ae |
redhat/ansible | <0:2.9.27-1.el8ae | 0:2.9.27-1.el8ae |
redhat/ovirt-ansible-collection | <0:1.6.5-1.el8e | 0:1.6.5-1.el8e |
Redhat Ansible Automation Platform Early Access | =2.0 | |
Redhat Ansible Engine | <2.9.27 | |
Redhat Openstack | =1 | |
Redhat Openstack | =16.1 | |
Redhat Virtualization | =4.0 | |
Redhat Virtualization For Ibm Power Little Endian | =4.0 | |
Redhat Virtualization Host | =4.0 | |
Redhat Virtualization Manager | =4.4 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
pip/ansible | <2.9.27 | 2.9.27 |
CVE-2021-3620 is a vulnerability in Ansible Engine's ansible-connection module where sensitive information such as Ansible user credentials is disclosed in the traceback error message.
The severity of CVE-2021-3620 is high.
Redhat Ansible versions before 2.9.27 and ansible-core versions before 2.11.6 are affected by CVE-2021-3620.
To fix CVE-2021-3620 in Redhat Ansible, upgrade to version 2.9.27-1.el8a or 2.11.6-1.el8a.
You can find more information about CVE-2021-3620 in the references provided.