Fluid Attacks Database

Description

Ansible Exposes Sensitive Information A flaw was found in the Ansible Engine prior to 2.10.6rc1, 2.9.18rc1, and 2.8.19rc1, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	ansible	>=2.10.0a1 <2.10.6rc1 \|\| >=2.9.0a1 <2.9.18rc1 \|\| >=0 <2.8.19rc1	2.10.6rc1, 2.9.18rc1, 2.8.19rc1
debian 11	ansible	>=0 <2.10.7+merged+base+2.10.8+dfsg-1	2.10.7+merged+base+2.10.8+dfsg-1
debian 12	ansible	>=0 <2.10.7+merged+base+2.10.8+dfsg-1	2.10.7+merged+base+2.10.8+dfsg-1
debian 13	ansible	>=0 <2.10.7+merged+base+2.10.8+dfsg-1	2.10.7+merged+base+2.10.8+dfsg-1
debian 14	ansible	>=0 <2.10.7+merged+base+2.10.8+dfsg-1	2.10.7+merged+base+2.10.8+dfsg-1

Aliases

1. CVE-2021-202282. NVD-2021-202283. OSV-2021-202284. OSV-DEBIAN-2021-202285. GHSA-5rrg-rr89-x9mv6. GCVE-2021-202287. SECURITY-TRACKER-CVE-2021-20228

References

1. https://github.com/ansible/ansible/pull/734872. https://github.com/ansible/ansible/pull/734923. https://github.com/ansible/ansible/pull/734934. https://github.com/ansible/ansible/pull/734945. https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c6. https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b7. https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb57961208. https://bugzilla.redhat.com/show_bug.cgi?id=19250029. https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml10. https://www.debian.org/security/2021/dsa-4950

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.