CVE-2021-3620

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3620

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3620.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-3620

Aliases

GHSA-4r65-35qq-ch8j

Downstream

DEBIAN-CVE-2021-3620

DLA-3695-1

RHSA-2021:3871

RHSA-2021:3872

RHSA-2021:3874

RHSA-2021:4703

RHSA-2021:4750

SUSE-SU-2021:4152-1

SUSE-SU-2022:3178-1

SUSE-SU-2024:0196-1

UBUNTU-CVE-2021-3620

USN-5315-1

openSUSE-SU-2024:12302-1

Related

Published

2022-03-03T19:15:08Z

Modified

2025-08-09T20:01:25Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe28767970c8ec62aabe493c46b53a5de1e5fac0