CVE-2021-20191

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

References

Affected packages

Git

github.com/ansible-collections/cisco.nxos

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/cisco.nxos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

73ac6a0094de7e00e186fcea1f493d3b08de5357

Affected versions

0.*

0.0.1

0.0.2

0.0.3

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.3.0

1.3.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"

github.com/ansible-collections/community.docker

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/community.docker
Events: Fixed

92db288917411ee377094701e4b21cc509f99b8e

Introduced

5183f84962d3f923040d94db5397d9cd9abd7be0

Fixed

b31e7d7d9ce2f16373b7ab27d77d97f428b6a8ea

Fixed

bbf8373f6cb912d5006f44d298a80aa8f5337cb2

Affected versions

2.*

2.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"

github.com/ansible-collections/community.general

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/community.general
Events: Introduced

dc4222df0d8c043224433ff832f226874d1b9f90

Fixed

974997594fc453ddee3b374807cb654a98bd2f28

Fixed

b56539f17e63d9a3cac87141b291873dd68ccbf7

Fixed

b81ba747baf8b2361070d9877eb14011130339bc

Affected versions

2.*

2.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"

github.com/ansible-collections/community.network

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/community.network
Events: Fixed

0202310d6211c2579bdcab7468939b11e8f54905

Introduced

df2a2ed444963296c05ded39003f1d0dd9e3f79a

Fixed

24b882710084c11402a1e9185f4fdf59f203153a

Fixed

6330dc87b7e2184c106d01cd3af2cd2f5a173b20

Affected versions

2.*

2.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"

github.com/ansible-collections/google.cloud

Affected ranges

Type: GIT
Repo: https://github.com/ansible-collections/google.cloud
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7b55b2268a858ed04f277aa5aedf4bb5477b18e0

Affected versions

1.*

1.0.2

v0.*

v0.0.3

v0.0.3.1

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v1.*

v1.0.1

v1.1.0

v1.1.0-beta

v1.1.0-beta.1

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.3.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"

github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Fixed

1205ad6a1a108376654d128ac903049168bf3d35

Fixed

2a58c2bbe33236ccfdde9fe7466d8a65956f21a5

Introduced

a6ed9551320b5f9d2a15a69e4c8b22ee31f0f778

Fixed

4226af2718f3d478bed2d07091692d65604b3d71

Introduced

24325a05dfb9104d6d4ec8b488b89e07c2e6d376

Fixed

4455e60166a8271771d96c24f47b6714130d200f

Fixed

90c8dcc4b87191511a71d7d46b83d088ede83ce4

Fixed

9d5d88b59fa3fdbbec4f4cb269c446c666e3abbb

Fixed

bb6cadefa2d68ed2a668fba14dc027947e043ae5

Affected versions

v2.*

v2.10.0

v2.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20191.json"