{"api_version":"1","generated_at":"2026-04-23T00:41:10+00:00","cve":"CVE-2021-20191","urls":{"html":"https://cve.report/CVE-2021-20191","api":"https://cve.report/api/cve/CVE-2021-20191.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20191","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191"},"summary":{"title":"CVE-2021-20191","description":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-26 21:15:00","updated_at":"2023-12-28 19:15:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","name":"[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update","refsource":"","tags":[],"title":"[SECURITY] [DLA 3695-1] ansible security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","refsource":"MISC","tags":[],"title":"1916813 – (CVE-2021-20191) CVE-2021-20191 ansible: multiple modules expose secured values","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20191","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible_tower","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cisco_nx-os_collection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"community_general_collection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ansible","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"community_network_collection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ansible","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"docker_community_collection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ansible","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20191","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"google_cloud_platform_ansible_collection","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20191","qid":"183742","title":"Debian Security Update for ansible (CVE-2021-20191)"},{"cve":"CVE-2021-20191","qid":"239447","title":"Red Hat Update for RHV Engine and Host Common Packages (RHSA-2021:2180)"},{"cve":"CVE-2021-20191","qid":"281605","title":"Fedora Security Update for ansible (FEDORA-2021-9a0903469c)"},{"cve":"CVE-2021-20191","qid":"281606","title":"Fedora Security Update for ansible (FEDORA-2021-e9478617ae)"},{"cve":"CVE-2021-20191","qid":"352253","title":"Amazon Linux Security Advisory for ansible: ALAS2-2021-1613"},{"cve":"CVE-2021-20191","qid":"356209","title":"Amazon Linux Security Advisory for ansible : ALASANSIBLE2-2023-004"},{"cve":"CVE-2021-20191","qid":"356466","title":"Amazon Linux Security Advisory for ansible : ALAS2ANSIBLE2-2023-004"},{"cve":"CVE-2021-20191","qid":"500007","title":"Alpine Linux Security Update for ansible"},{"cve":"CVE-2021-20191","qid":"501352","title":"Alpine Linux Security Update for ansible"},{"cve":"CVE-2021-20191","qid":"504579","title":"Alpine Linux Security Update for ansible"},{"cve":"CVE-2021-20191","qid":"6000405","title":"Debian Security Update for ansible (DLA 3695-1)"},{"cve":"CVE-2021-20191","qid":"752570","title":"SUSE Enterprise Linux Important for SUSE Manager Client Tools (SUSE-SU-2022:3178-1)"},{"cve":"CVE-2021-20191","qid":"900111","title":"CBL-Mariner Linux Security Update for ansible 2.9.12"},{"cve":"CVE-2021-20191","qid":"903329","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for ansible (4265)"},{"cve":"CVE-2021-20191","qid":"982361","title":"Python (pip) Security Update for ansible (GHSA-8f4m-hccc-8qph)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20191","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"ansible","version":{"version_data":[{"version_value":"ansible 2.9.18"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-532"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected."}]}},"nvd":{"publishedDate":"2021-05-26 21:15:00","lastModifiedDate":"2023-12-28 19:15:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:google_cloud_platform_ansible_collection:1.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:cisco_nx-os_collection:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.19","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionStartIncluding":"2.10.0","versionEndExcluding":"2.10.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionStartIncluding":"2.9.0","versionEndExcluding":"2.9.18","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*","versionEndExcluding":"1.3.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:community_general_collection:*:*:*:*:*:ansible:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*","versionEndExcluding":"1.3.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:community_network_collection:*:*:*:*:*:ansible:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:docker_community_collection:*:*:*:*:*:ansible:*:*","versionEndExcluding":"1.2.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20191","Ordinal":"194232","Title":"CVE-2021-20191","CVE":"CVE-2021-20191","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20191","Ordinal":"1","NoteData":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20191","Ordinal":"2","NoteData":"2021-05-26","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20191","Ordinal":"3","NoteData":"2021-05-26","Type":"Other","Title":"Modified"}]}}}