CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Information

Published : 2021-05-26 05:15

Updated : 2021-06-03 08:57


NVD link : CVE-2021-20178

Mitre link : CVE-2021-20178


JSON object : View

CWE
CWE-532

Insertion of Sensitive Information into Log File

Advertisement

dedicated server usa

Products Affected

redhat

  • ansible_tower
  • ansible

fedoraproject

  • fedora