Lucene search

Veracode Vulnerability DatabaseVERACODE:21748

HistoryOct 21, 2019 - 2:40 a.m.

Information Disclosure

2019-10-2102:40:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

14.2%

JSON

ansible is vulnerable to information disclosure. The boto3 library logs credentials at log level DEBUG. This causes several ansible plugins to disclose AWS credentials in log files.

CPENameOperatorVersion
ansiblele2.8.5
ansible:3.11eq2.9.7-r0
ansible:3.11eq2.9.3-r0
ansible:3.12eq2.9.9-r0
ansible:stretcheq2.2.1.0-2+deb9u1

Name	Operator	Version
ansible	le	2.8.5
ansible:3.11	eq	2.9.7-r0
ansible:3.11	eq	2.9.3-r0
ansible:3.12	eq	2.9.9-r0
ansible:stretch	eq	2.2.1.0-2+deb9u1

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

access.redhat.com/errata/RHSA-2019:3201

access.redhat.com/errata/RHSA-2019:3202

access.redhat.com/errata/RHSA-2019:3203

access.redhat.com/errata/RHSA-2019:3207

access.redhat.com/errata/RHSA-2020:0756

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846

github.com/ansible/ansible/pull/63366

lists.debian.org/debian-lts-announce/2020/05/msg00005.html

lists.debian.org/debian-lts-announce/2021/01/msg00023.html

www.debian.org/security/2021/dsa-4950

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for VERACODE:21748