CVE-2021-20228

Information Exposure in pypi/ansible

Identifiers

CVE-2021-20228

Package Slug

pypi/ansible

Vulnerability

Information Exposure

Description

A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Affected Versions

Version 2.0, version 2.9, version 2.9.18

Solution

Upgrade to versions 2.0.0.1, 2.9.1, 2.9.19 or above.

Last Modified

2021-05-04

source