Skip to main content

Generation of Error Message Containing Sensitive Information

CVE-2021-3620

Severity Medium
Score 5.5/10

Summary

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. This vulnerability affects ansible-core versions prior to 2.11.6rc1 and ansible versions prior to 2.9.27rc1.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Advisory Timeline

  • Published