FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ansible -- Ansible user credentials disclosure in ansible-connection module

Affected packages
py310-ansible-core < 2.11.6
py36-ansible-core < 2.11.6
py37-ansible-core < 2.11.6
py38-ansible-core < 2.11.6
py39-ansible-core < 2.11.6
py310-ansible-base < 2.10.15
py36-ansible-base < 2.10.15
py37-ansible-base < 2.10.15
py38-ansible-base < 2.10.15
py39-ansible-base < 2.10.15
py310-ansible2 < 2.9.27
py36-ansible2 < 2.9.27
py37-ansible2 < 2.9.27
py38-ansible2 < 2.9.27
py39-ansible2 < 2.9.27
py310-ansible < 2.9.27
py36-ansible < 2.9.27
py37-ansible < 2.9.27
py38-ansible < 2.9.27
py39-ansible < 2.9.27

Details

VuXML ID 9a8514f3-2ab8-11ec-b3a1-8c164582fbac
Discovery 2021-06-25
Entry 2021-10-11

Red Hat reports:

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

References

CVE Name CVE-2021-3620
URL https://access.redhat.com/security/cve/CVE-2021-3620
URL https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#v2-10-15
URL https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#v2-11-6
URL https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v2-9-27
URL https://nvd.nist.gov/vuln/detail/CVE-2021-3620