What is CVE-2021-20228?

CVE-2021-20228 is a vulnerability in Ansible, classified under Information Disclosure. Published 2021-04-29.

Is CVE-2021-20228 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Ansible

CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensit…

Vulnerability class: Information Disclosure

EPSS: 0.002 (47.8th percentile) — read the EPSS interpretation.

Affected products

N/a Ansible — versions ansible-engine 2.9.18

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/ansible/ansible/pull/73487 (x_refsource_MISC)
DSA-4950 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2021-20228?: CVE-2021-20228 is a vulnerability in Ansible, classified under Information Disclosure. Published 2021-04-29.
Is CVE-2021-20228 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.