Lucene search

[email protected]NVD:CVE-2021-3620

HistoryMar 03, 2022 - 7:15 p.m.

CVE-2021-3620

2022-03-0319:15:08

CWE-209

[email protected]

web.nvd.nist.gov

ansible

engine

connection

sensitive information

user credentials

error message

confidentiality

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

15.5%

JSON

A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Affected configurations

Nvd

Node

redhatansible_automation_platform_early_accessMatch2.0

redhatansible_engineRange<2.9.27

redhatopenstackMatch1

redhatopenstackMatch16.1

redhatvirtualizationMatch4.0

redhatvirtualization_for_ibm_power_little_endianMatch4.0

redhatvirtualization_hostMatch4.0

redhatvirtualization_managerMatch4.4

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_for_power_little_endianMatch8.0

VendorProductVersionCPE
redhatansible_automation_platform_early_access2.0cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:*
redhatansible_engine*cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
redhatopenstack1cpe:2.3:a:redhat:openstack:1:*:*:*:*:*:*:*
redhatopenstack16.1cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*
redhatvirtualization4.0cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
redhatvirtualization_for_ibm_power_little_endian4.0cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:*
redhatvirtualization_host4.0cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
redhatvirtualization_manager4.4cpe:2.3:a:redhat:virtualization_manager:4.4:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian8.0cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	ansible_automation_platform_early_access	2.0	cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:::::::*
redhat	ansible_engine	*	cpe:2.3:a:redhat:ansible_engine::::::::
redhat	openstack	1	cpe:2.3:a:redhat:openstack:1:::::::*
redhat	openstack	16.1	cpe:2.3:a:redhat:openstack:16.1:::::::*
redhat	virtualization	4.0	cpe:2.3:a:redhat:virtualization:4.0:::::::*
redhat	virtualization_for_ibm_power_little_endian	4.0	cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:::::::*
redhat	virtualization_host	4.0	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
redhat	virtualization_manager	4.4	cpe:2.3:a:redhat:virtualization_manager:4.4:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux_for_power_little_endian	8.0	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*