CVE-2021-20178 - log back

CVE-2021-20178 edited at 27 Jan 2021 13:58:55
Description
- A flaw was found in Ansible Engine where the 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials.
+ A flaw was found in Ansible before version 2.10.6 where the 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials.
CVE-2021-20178 edited at 27 Jan 2021 13:53:07
References
https://bugzilla.redhat.com/show_bug.cgi?id=1914774
https://github.com/ansible-collections/community.general/pull/1621
- https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
+ https://github.com/ansible-collections/community.general/commit/fa2d2d6971d668f82207dd3e265820fdb4b0048d
CVE-2021-20178 edited at 12 Jan 2021 17:27:54
References
https://bugzilla.redhat.com/show_bug.cgi?id=1914774
+ https://github.com/ansible-collections/community.general/pull/1621
+ https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
CVE-2021-20178 edited at 12 Jan 2021 09:14:49
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A flaw was found in Ansible Engine where the 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1914774
Notes
CVE-2021-20178 created at 12 Jan 2021 09:13:44