CVE-2021-3620
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/03/2022
Last modified:
28/12/2023
Description
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:* | 2.9.27 (excluding) | |
| cpe:2.3:a:redhat:openstack:1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization_manager:4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page