CVE-2021-20180
Description
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.038
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-20178,CVE-2021-20180 are fixed in Python-ansible 2.9.18 | Windows |
| Vulnerabilities CVE-2021-20180 are fixed in Python-ansible 2.8.19 | Windows |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpm | Linux |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpm | Linux |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpm | Linux |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.x86_64.rpm | Linux |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-debugsource-4.4.1-1.el8ev.x86_64.rpm | Linux |
| (RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-doc-4.4.1-1.el8ev.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-20178,CVE-2021-20180 are fixed in Python-ansible for linux 2.9.18 | Linux |
| Vulnerabilities CVE-2021-20180 are fixed in Python-ansible for linux 2.8.19 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234