Sensitive information sent insecurely In ansible
Description
Exposure of Sensitive Information to an Unauthorized Actor in Ansible A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 alpine v3.9 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.12-r0 || =2.7.13-r0 || =2.7.14-r0 || =2.7.16-r0 || >=0 <2.7.17-r0 | 2.7.17-r0 | |
 debian 12 | >=0 <2.9.7+dfsg-1 | 2.9.7+dfsg-1 | |
alpine v3.12 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.6-r1 || =2.8.6-r2 || =2.8.6-r3 || =2.9.1-r0 || =2.9.2-r0 || =2.9.2-r1 || =2.9.3-r0 || =2.9.4-r0 || =2.9.5-r0 || =2.9.6-r0 || >=0 <2.9.7-r0 | 2.9.7-r0 | |
 pypi | >=0 <2.7.17 || >=2.8.0a1 <2.8.11 || >=2.9.0a1 <2.9.7 | 2.7.17, 2.8.11, 2.9.7 | |
alpine v3.13 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.6-r1 || =2.8.6-r2 || =2.8.6-r3 || =2.9.1-r0 || =2.9.2-r0 || =2.9.2-r1 || =2.9.3-r0 || =2.9.4-r0 || =2.9.5-r0 || =2.9.6-r0 || >=0 <2.9.7-r0 | 2.9.7-r0 | |
alpine v3.14 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.6-r1 || =2.8.6-r2 || =2.8.6-r3 || =2.9.1-r0 || =2.9.2-r0 || =2.9.2-r1 || =2.9.3-r0 || =2.9.4-r0 || =2.9.5-r0 || =2.9.6-r0 || >=0 <2.9.7-r0 | 2.9.7-r0 | |
alpine v3.10 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.8-r0 || >=0 <2.8.9-r0 | 2.8.9-r0 | |
alpine v3.11 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.6-r1 || =2.8.6-r2 || =2.8.6-r3 || =2.9.1-r0 || =2.9.3-r0 || =2.9.6-r0 || >=0 <2.9.7-r0 | 2.9.7-r0 | |
debian 11 | >=0 <2.9.7+dfsg-1 | 2.9.7+dfsg-1 | |
debian 13 | >=0 <2.9.7+dfsg-1 | 2.9.7+dfsg-1 |
1-10 of 11
10
Aliases
References
1. https://github.com/ansible/ansible/issues/677972. https://github.com/ansible/ansible/pull/689113. https://github.com/ansible/ansible/pull/689124. https://github.com/ansible/ansible/pull/689135. https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae1252376. https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f7. https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a48. https://www.debian.org/security/2021/dsa-49509. https://lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP210. https://lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB711. https://lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M312. https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml13. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.