CVE-2021-3620 Information

Description

A flaw was found in Ansible Engine’s ansible-connection module where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1975767

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Base Severity

MEDIUM
