CVE-2021-3620

Summary

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Affected Software

VendorProductVersion RangeStatus
n/aansibleFixed in Ansible Engine v2.9.27affected

Weaknesses

  • CWE-209: CWE-209 - Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References