QID 239273

Date Published: 2021-05-10

QID 239273: Red Hat Update for Ansible (RHSA-2021:1343)

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

The following packages have been upgraded to a newer upstream version: ansible (2.9.20)

Bug Fix(es):

CVE-2021-3447 ansible: multiple modules expose secured values

See: https://github.com/ansible/ansible/blob/v2.9.20/changelogs/CHANGELOG-v2.9.rst for details on bug fixes in this release.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products:

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64
Red Hat Ansible Engine 2.9 for RHEL 8 s390x
Red Hat Ansible Engine 2.9 for RHEL 8 ppc64le
Red Hat Ansible Engine 2.9 for RHEL 8 aarch64
Red Hat Ansible Engine 2.9 for RHEL 7 x86_64
Red Hat Ansible Engine 2.9 for RHEL 7 s390x
Red Hat Ansible Engine 2.9 for RHEL 7 ppc64le

Fixes:

BZ - 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

CVEs:

CVE-2021-3447

References:

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

On successful exploitation, it could allow an attacker to execute code.

  • CVSS V3 rated as Medium - 5.5 severity.
  • CVSS V2 rated as Low - 2.1 severity.

Solution:

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2021:1343 to address this issue and obtain more information.

Software Advisories:

Advisory ID: RHSA-2021:1343
Software Component: Red Hat Enterprise Linux
Link: access.redhat.com/errata/RHSA-2021:1343?language=en