CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

History

28 Dec 2023, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html -

Information

Published : 2022-03-03 19:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-3620

Mitre link : CVE-2021-3620

CVE.ORG link : CVE-2021-3620


JSON object : View

Products Affected

redhat

  • virtualization_for_ibm_power_little_endian
  • virtualization
  • ansible_engine
  • ansible_automation_platform_early_access
  • virtualization_manager
  • virtualization_host
  • enterprise_linux_for_power_little_endian
  • openstack
  • enterprise_linux
CWE
CWE-209

Generation of Error Message Containing Sensitive Information