Oval Definition:oval:org.opensuse.security:def:202120180
Revision Date:2022-06-30Version:1
Title:CVE-2021-20180
Description:

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-20180
SUSE CVE-2021-20180
SUSE-SU-2021:2121-1
openSUSE-SU-2022:0081-1
Platform(s):openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND ansible is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ansible-2.9.24-1.2 is installed
  • OR ansible-doc-2.9.24-1.2 is installed
  • OR ansible-test-2.9.24-1.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND ansible1 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND ansible-2.9.22-11.17.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ansible-2.9.22-3.18.1 is installed
  • OR Package Information
  • SUSE OpenStack Cloud 8 is installed
  • AND
  • ansible-2.9.22-3.18.1 is installed
  • OR ansible1 is affected
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • ansible-2.9.21-bp153.2.3.1 is installed
  • AND ansible is signed with openSUSE key
  • OR
  • ansible-doc-2.9.21-bp153.2.3.1 is installed
  • AND ansible-doc is signed with openSUSE key
  • OR
  • ansible-test-2.9.21-bp153.2.3.1 is installed
  • AND ansible-test is signed with openSUSE key
    • BACK