pysec-2022-164
Vulnerability from pysec
Published
2022-03-03 19:15
Modified
2022-03-15 14:28
Details
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible",
"purl": "pkg:pypi/ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "fe28767970c8ec62aabe493c46b53a5de1e5fac0"
}
],
"repo": "https://github.com/ansible/ansible",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.27"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.2.1",
"1.2.2",
"1.2.3",
"1.3.0",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.4",
"1.4.1",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.5",
"1.5.1",
"1.5.2",
"1.5.3",
"1.5.4",
"1.5.5",
"1.6",
"1.6.1",
"1.6.10",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.7",
"1.7.1",
"1.7.2",
"1.8",
"1.8.1",
"1.8.2",
"1.8.3",
"1.8.4",
"1.9.0",
"1.9.0.1",
"1.9.1",
"1.9.2",
"1.9.3",
"1.9.4",
"1.9.5",
"1.9.6",
"2.0.0",
"2.0.0.0",
"2.0.0.1",
"2.0.0.2",
"2.0.1.0",
"2.0.2.0",
"2.1.0.0",
"2.1.1.0",
"2.1.2.0",
"2.1.3.0",
"2.1.4.0",
"2.1.5.0",
"2.1.6.0",
"2.2.0.0",
"2.2.1.0",
"2.2.2.0",
"2.2.3.0",
"2.3.0.0",
"2.3.1.0",
"2.3.2.0",
"2.3.3.0",
"2.4.0.0",
"2.4.1.0",
"2.4.2.0",
"2.4.3.0",
"2.4.4.0",
"2.4.5.0",
"2.4.6.0",
"2.5.0",
"2.5.0a1",
"2.5.0b1",
"2.5.0b2",
"2.5.0rc1",
"2.5.0rc2",
"2.5.0rc3",
"2.5.1",
"2.5.10",
"2.5.11",
"2.5.12",
"2.5.13",
"2.5.14",
"2.5.15",
"2.5.2",
"2.5.3",
"2.5.4",
"2.5.5",
"2.5.6",
"2.5.7",
"2.5.8",
"2.5.9",
"2.6.0",
"2.6.0a1",
"2.6.0a2",
"2.6.0rc1",
"2.6.0rc2",
"2.6.0rc3",
"2.6.0rc4",
"2.6.0rc5",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.17",
"2.6.18",
"2.6.19",
"2.6.2",
"2.6.20",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.7.0",
"2.7.0.dev0",
"2.7.0a1",
"2.7.0b1",
"2.7.0rc1",
"2.7.0rc2",
"2.7.0rc3",
"2.7.0rc4",
"2.7.1",
"2.7.10",
"2.7.11",
"2.7.12",
"2.7.13",
"2.7.14",
"2.7.15",
"2.7.16",
"2.7.17",
"2.7.18",
"2.7.2",
"2.7.3",
"2.7.4",
"2.7.5",
"2.7.6",
"2.7.7",
"2.7.8",
"2.7.9",
"2.8.0",
"2.8.0a1",
"2.8.0b1",
"2.8.0rc1",
"2.8.0rc2",
"2.8.0rc3",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.16rc1",
"2.8.17",
"2.8.17rc1",
"2.8.18",
"2.8.18rc1",
"2.8.19",
"2.8.19rc1",
"2.8.2",
"2.8.20",
"2.8.20rc1",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"2.9.0",
"2.9.0b1",
"2.9.0rc1",
"2.9.0rc2",
"2.9.0rc3",
"2.9.0rc4",
"2.9.0rc5",
"2.9.1",
"2.9.10",
"2.9.11",
"2.9.12",
"2.9.13",
"2.9.14",
"2.9.14rc1",
"2.9.15",
"2.9.15rc1",
"2.9.16",
"2.9.16rc1",
"2.9.17",
"2.9.17rc1",
"2.9.18",
"2.9.18rc1",
"2.9.19",
"2.9.19rc1",
"2.9.2",
"2.9.20",
"2.9.20rc1",
"2.9.21",
"2.9.21rc1",
"2.9.22",
"2.9.22rc1",
"2.9.23",
"2.9.23rc1",
"2.9.24",
"2.9.24rc1",
"2.9.25",
"2.9.25rc1",
"2.9.26",
"2.9.26rc1",
"2.9.27rc1",
"2.9.3",
"2.9.4",
"2.9.5",
"2.9.6",
"2.9.7",
"2.9.8",
"2.9.9"
]
}
],
"aliases": [
"CVE-2021-3620",
"GHSA-4r65-35qq-ch8j"
],
"details": "A flaw was found in Ansible Engine\u0027s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.",
"id": "PYSEC-2022-164",
"modified": "2022-03-15T14:28:02.422806Z",
"published": "2022-03-03T19:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j"
}
]
}
Loading...