Oval Definition:oval:org.opensuse.security:def:202120191
Revision Date:2022-06-30Version:1
Title:CVE-2021-20191
Description:

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-20191
SUSE CVE-2021-20191
SUSE-SU-2021:2121-1
openSUSE-SU-2022:0081-1
Platform(s):openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ansible-2.9.24-1.2 is installed
  • OR ansible-doc-2.9.24-1.2 is installed
  • OR ansible-test-2.9.24-1.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND ansible1 is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND ansible-2.9.22-11.17.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ansible-2.9.22-3.18.1 is installed
  • OR Package Information
  • SUSE OpenStack Cloud 8 is installed
  • AND
  • ansible-2.9.22-3.18.1 is installed
  • OR ansible1 is affected
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • ansible-2.9.21-bp153.2.3.1 is installed
  • AND ansible is signed with openSUSE key
  • OR
  • ansible-doc-2.9.21-bp153.2.3.1 is installed
  • AND ansible-doc is signed with openSUSE key
  • OR
  • ansible-test-2.9.21-bp153.2.3.1 is installed
  • AND ansible-test is signed with openSUSE key
    • BACK