Bugzilla – Bug 1183684
VUL-0: CVE-2021-3447: ansible: multiple modules expose secured values
Last modified: 2022-08-08 11:05:23 UTC
rh#1939349

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1939349
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3447
https://access.redhat.com/security/cve/CVE-2021-3447
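An added example, not part of the bug report and not Ansible's own code: a static check that flags credential-looking parameters in a module's argument_spec that carry no no_log setting, which is the condition the description above refers to. The name pattern, the function names and the sample module source are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: name fragments that suggest a credential-bearing parameter.
SECRET_HINT = re.compile(r"(pass(word|wd|phrase)?|secret|token|private_key|api_key)", re.I)

def _options(node):
    """Return {key: value-node} for a dict(...) call or a {...} literal, else None."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "dict":
        return {kw.arg: kw.value for kw in node.keywords if kw.arg}
    if isinstance(node, ast.Dict):
        return {k.value: v for k, v in zip(node.keys, node.values)
                if isinstance(k, ast.Constant) and isinstance(k.value, str)}
    return None

def find_unprotected(source):
    """List secret-looking parameters in argument_spec that lack an explicit no_log."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "argument_spec" for t in node.targets):
            continue
        spec = _options(node.value) or {}
        for name, value in spec.items():
            opts = _options(value) or {}
            # An explicit no_log (True, or a reviewed False) counts as a decision made.
            if SECRET_HINT.search(name) and "no_log" not in opts:
                findings.append(name)
    return sorted(findings)

# Constructed sample module source, not taken from any real Ansible module.
SAMPLE_MODULE = '''
argument_spec = dict(
    host=dict(type="str", required=True),
    login_password=dict(type="str"),
    api_token=dict(type="str", no_log=True),
    update_password=dict(type="str", choices=["always", "on_create"], no_log=False),
    client_secret={"type": "str"},
)
'''

if __name__ == "__main__":
    for param in find_unprotected(SAMPLE_MODULE):
        print("missing no_log:", param)
```

The name match is a heuristic: a parameter such as update_password holds a mode rather than a secret, which is why an explicit no_log=False is accepted as a reviewed decision instead of being flagged.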
SUSE-SU-2021:2121-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180816,1180942,1181119,1181935,1183684
CVE References: CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): ansible-2.9.22-3.18.1
SUSE OpenStack Cloud 8 (src): ansible-2.9.22-3.18.1
HPE Helion Openstack 8 (src): ansible-2.9.22-3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.