CVE-2021-20191

Summary

CVE: CVE-2021-20191
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2021-05-26 21:15:00 UTC
Updated: 2023-12-28 19:15:00 UTC
Description: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Risk And Classification

Problem Types: CWE-532

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Oracle | Virtualization | 4.0 | All | All | All
Application | Redhat | Ansible | All | All | All | All
Application | Redhat | Ansible Tower | 3.0 | All | All | All
Application | Redhat | Cisco Nx-os Collection | All | All | All | All
Application | Redhat | Community General Collection | All | All | All | All
Application | Redhat | Community Network Collection | All | All | All | All
Application | Redhat | Docker Community Collection | All | All | All | All
Application | Redhat | Google Cloud Platform Ansible Collection | 1.0.2 | All | All | All

References

Reference | Source | Link | Tags
[SECURITY] [DLA 3695-1] ansible security update | | lists.debian.org |
1916813 – (CVE-2021-20191) CVE-2021-20191 ansible: multiple modules expose secured values | MISC | bugzilla.redhat.com |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 183742 Debian Security Update for ansible (CVE-2021-20191)
  • 239447 Red Hat Update for RHV Engine and Host Common Packages (RHSA-2021:2180)
  • 281605 Fedora Security Update for ansible (FEDORA-2021-9a0903469c)
  • 281606 Fedora Security Update for ansible (FEDORA-2021-e9478617ae)
  • 352253 Amazon Linux Security Advisory for ansible: ALAS2-2021-1613
  • 356209 Amazon Linux Security Advisory for ansible : ALASANSIBLE2-2023-004
  • 356466 Amazon Linux Security Advisory for ansible : ALAS2ANSIBLE2-2023-004
  • 500007 Alpine Linux Security Update for ansible
  • 501352 Alpine Linux Security Update for ansible
  • 504579 Alpine Linux Security Update for ansible
  • 6000405 Debian Security Update for ansible (DLA 3695-1)
  • 752570 SUSE Enterprise Linux Important for SUSE Manager Client Tools (SUSE-SU-2022:3178-1)
  • 900111 CBL-Mariner Linux Security Update for ansible 2.9.12
  • 903329 Common Base Linux Mariner (CBL-Mariner) Security Update for ansible (4265)
  • 982361 Python (pip) Security Update for ansible (GHSA-8f4m-hccc-8qph)