All the vulnerabilites related to redhat - google_cloud_platform_ansible_collection
cve-2021-20191
Vulnerability from cvelistv5
Published
2021-05-26 00:00
Modified
2024-08-03 17:30
Severity ?
Summary
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1916813
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.htmlmailing-list
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
          },
          {
            "name": "[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ansible",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ansible 2.9.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-28T19:06:26.846012",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        },
        {
          "name": "[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20191",
    "datePublished": "2021-05-26T00:00:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:30:07.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-05-26 21:15
Modified
2024-11-21 05:46
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1916813Issue Tracking, Vendor Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1916813Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Impacted products
Vendor Product Version
oracle virtualization 4.0
redhat ansible *
redhat ansible *
redhat ansible *
redhat ansible_tower 3.0
redhat cisco_nx-os_collection *
redhat community_general_collection *
redhat community_general_collection *
redhat community_network_collection *
redhat community_network_collection *
redhat docker_community_collection *
redhat google_cloud_platform_ansible_collection 1.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A303983A-E6D6-4CBC-B2DC-0293EFB623AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5863EEF1-48B9-4DCC-A34C-5881E5588C19",
              "versionEndExcluding": "2.8.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D02759E-9C13-45D9-B86D-282A1150AF9B",
              "versionEndExcluding": "2.9.18",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17362C62-F75B-456C-9E10-475DF200937E",
              "versionEndExcluding": "2.10.7",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31C575C-06D2-4CAF-A5B7-B9469B3ED55F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F583BB1E-C512-4101-8E08-8BAEEBA919AE",
              "versionEndExcluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*",
              "matchCriteriaId": "059C2063-6AFB-4741-91BA-03869574A93F",
              "versionEndExcluding": "1.3.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*",
              "matchCriteriaId": "C91F2FC2-9231-423E-89B1-6DC68F56C58E",
              "versionEndExcluding": "2.0.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*",
              "matchCriteriaId": "D81319F0-E840-4A76-B2B4-21F8F6E9535D",
              "versionEndExcluding": "1.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*",
              "matchCriteriaId": "2DFEB5AE-7E63-417A-ADA5-D7FF03E3BDD9",
              "versionEndExcluding": "2.0.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:*",
              "matchCriteriaId": "4C27F139-C636-47E1-8BA4-6487DE2F0801",
              "versionEndExcluding": "1.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D000027-CB3B-4465-B0B6-546B334A8D58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en ansible.\u0026#xa0;Las credenciales, como los secretos, son divulgadas en el registro de la consola por defecto y no est\u00e1n protegidas por la funci\u00f3n no_log cuando son usados esos m\u00f3dulos.\u0026#xa0;Un atacante puede tomar ventaja de esta informaci\u00f3n para robar esas credenciales.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos.\u0026#xa0;Las versiones anteriores a ansible versi\u00f3n 2.9.18 est\u00e1n afectadas"
    }
  ],
  "id": "CVE-2021-20191",
  "lastModified": "2024-11-21T05:46:06.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-26T21:15:08.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}