Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Published

2022-03-03T19:15:08.237

Last Modified

2024-11-21T06:22:00.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-209
  • Type: Secondary
    CWE-209
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat ansible_automation_platform_early_access 2.0 Yes
Application redhat ansible_engine < 2.9.27 Yes
Application redhat openstack 1 Yes
Application redhat openstack 16.1 Yes
Application redhat virtualization 4.0 Yes
Application redhat virtualization_for_ibm_power_little_endian 4.0 Yes
Application redhat virtualization_host 4.0 Yes
Application redhat virtualization_manager 4.4 Yes
Operating System redhat enterprise_linux 8.0 Yes
Operating System redhat enterprise_linux_for_power_little_endian 8.0 Yes
References