QID 352253

Date Published: 2021-03-25

QID 352253: Amazon Linux Security Advisory for ansible: ALAS2-2021-1613

Issue Overview:

A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by the no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20178)

A flaw was found in an ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20180)

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in the console log by default and not protected by the no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-20191)
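The three CVEs share one root cause: a module parameter that carries a secret is declared without `no_log=True` in its argument spec. The following is an added example, not code from Ansible or from the advisory: a static check for custom or vendored modules that flags such parameters. The name heuristic and the sample module source are assumptions constructed for illustration.

```python
import ast
import re

# Heuristic (assumption): parameter names that usually carry secrets.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|authkey|privkey|private_key|api_key", re.I)

# Constructed sample of a hypothetical module; it is only parsed, never executed.
SAMPLE_MODULE = '''
argument_spec = dict(
    host=dict(type="str", required=True),
    authkey=dict(type="str"),
    privkey=dict(type="str", no_log=False),
    api_token=dict(type="str", no_log=True),
)
module = AnsibleModule(argument_spec=argument_spec)
'''


def _spec_items(node):
    """Yield (name, value) pairs from a dict(...) call or a {...} literal."""
    if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "dict":
        for kw in node.keywords:
            if kw.arg is not None:
                yield kw.arg, kw.value
    elif isinstance(node, ast.Dict):
        for key, value in zip(node.keys, node.values):
            if isinstance(key, ast.Constant) and isinstance(key.value, str):
                yield key.value, value


def unprotected_secrets(source):
    """Return secret-looking parameters whose spec does not set no_log=True."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        is_kw = isinstance(node, ast.keyword) and node.arg == "argument_spec"
        is_assign = (isinstance(node, ast.Assign)
                     and getattr(node.targets[0], "id", None) == "argument_spec")
        if not (is_kw or is_assign):
            continue
        for name, opts in _spec_items(node.value):
            no_log = dict(_spec_items(opts)).get("no_log")
            protected = isinstance(no_log, ast.Constant) and no_log.value is True
            if SECRET_NAME.search(name) and not protected:
                findings.add(name)
    return sorted(findings)


if __name__ == "__main__":
    for param in unprotected_secrets(SAMPLE_MODULE):
        print(f"{param}: secret-looking parameter without no_log=True")
```

The check only sees argument specs written as a `dict(...)` call or a dict literal under the name `argument_spec`; specs built dynamically need manual review.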

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

  • CVSS V3 rated as Low - 0 severity.
  • CVSS V2 rated as Medium - 4 severity.
Solution

Please refer to Amazon advisory ALAS-2021-1613 for affected packages and patching details, or update with your package manager.

Vendor References

CVEs related to QID 352253

Software Advisories

Advisory ID | Software | Component | Link
ALAS-2021-1613 | Amazon Linux 2 | ansible (2.9.18-1.amzn2) on noarch | alas.aws.amazon.com/AL2/ALAS-2021-1613.html
ALAS-2021-1613 | Amazon Linux 2 | ansible (2.9.18-1.amzn2) on src | alas.aws.amazon.com/AL2/ALAS-2021-1613.html