Home

CVE-2021-20228

Description

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.149

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-20191,CVE-2021-20228 are fixed in Python-ansible 2.8.19rc1Windows
Vulnerabilities CVE-2021-20191,CVE-2021-20228 are fixed in Python-ansible 2.9.18rc1Windows
Vulnerabilities CVE-2021-20228 are fixed in Python-ansible 2.10.6rc1Windows
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] ovirt-ansible-collection-1.4.2-1.el8ev.noarch.rpmLinux
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] python-ovirt-engine-sdk4-debugsource-4.4.12-1.el8ev.x86_64.rpmLinux
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] python3-ovirt-engine-sdk4-4.4.12-1.el8ev.x86_64.rpmLinux
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-4.4.1-1.el8ev.x86_64.rpmLinux
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-debugsource-4.4.1-1.el8ev.x86_64.rpmLinux
(RHSA-2021:2180) RHV Engine and Host Common Packages security update [ovirt-4.4.6] rubygem-ovirt-engine-sdk4-doc-4.4.1-1.el8ev.x86_64.rpmLinux
ansible security update(DSA-4950-1) ansible_2.7.7+dfsg-1+deb10u1_all.debLinux
ansible security update(DSA-4950-1) Debian_ansible_2.7.7+dfsg-1+deb10u1_all.debLinux
Vulnerabilities CVE-2021-20191,CVE-2021-20228 are fixed in Python-ansible for linux 2.8.19rc1Linux
Vulnerabilities CVE-2021-20191,CVE-2021-20228 are fixed in Python-ansible for linux 2.9.18rc1Linux
Vulnerabilities CVE-2021-20228 are fixed in Python-ansible for linux 2.10.6rc1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234