Vulnerability in Ansible

CVE-2021-3681

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file…

EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.

Affected products

N/a Ansible — versions ansible 3.3.0

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/ansible/galaxy/issues/1977 (x_refsource_MISC)