Information disclosure in Ansible

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confi…

EPSS: 0.003 (52.8th percentile) — read the EPSS interpretation.

Affected products

N/a Ansible — versions Fixed in Ansible Engine v2.9.27

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst (x_refsource_MISC)
github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0 (x_refsource_MISC)
lists.debian.org/debian-lts-announce/2023/12/msg00018.html