Generation of Error Message Containing Sensitive Information
CVE-2021-3620
Summary
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. This vulnerability affects ansible-core versions prior to 2.11.6rc1 and ansible versions prior to 2.9.27rc1.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-209 - Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.
References
Advisory Timeline
- Published