ASA-202102-30 log original external raw

[ASA-202102-30] ansible-base: information disclosure
Arch Linux Security Advisory ASA-202102-30 ========================================== Severity: Medium Date : 2021-02-20 CVE-ID : CVE-2021-20228 Package : ansible-base Type : information disclosure Remote : No Link : Summary ======= The package ansible-base before version 2.10.6-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 2.10.6-1. # pacman -Syu "ansible-base>=2.10.6-1" The problem has been fixed upstream in version 2.10.6. Workaround ========== None. Description =========== A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the module. This flaw allows an attacker to obtain sensitive information. Impact ====== A local attacker is able to disclose sensitive information when running an Ansible playbook. References ==========