← Volver a CVEs
CVE-2021-3620
MEDIUM5.5
Descripcion
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/3/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
redhat:ansible_automation_platform_early_accessredhat:ansible_engineredhat:enterprise_linuxredhat:enterprise_linux_for_power_little_endianredhat:openstackredhat:virtualizationredhat:virtualization_for_ibm_power_little_endianredhat:virtualization_hostredhat:virtualization_manager
Debilidades (CWE)
CWE-209CWE-209
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1975767(secalert@redhat.com)
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes(secalert@redhat.com)
https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1975767(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.