CVE-2021-20180 - log back

CVE-2021-20180 edited at 27 Jan 2021 14:00:52
Description
- A flaw was found in ansible-collection where credentials such as secrets are being disclosed in console log by default and not protected by secured feature when using bitbucket_pipeline_variable module. An attacker can take advantage of this information to steal bitbucket_pipeline credentials.
+ A flaw was found in Ansible before version 2.10.6 where credentials such as secrets are being disclosed in console log by default and not protected by secured feature when using bitbucket_pipeline_variable module. An attacker can take advantage of this information to steal bitbucket_pipeline credentials.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1915808
https://github.com/ansible-collections/community.general/pull/1635
- https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
+ https://github.com/ansible-collections/community.general/commit/a3f08377b2000f8e179e361bcfef4afec18ba1e5
CVE-2021-20180 edited at 15 Jan 2021 16:35:28
References
https://bugzilla.redhat.com/show_bug.cgi?id=1915808
+ https://github.com/ansible-collections/community.general/pull/1635
+ https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
CVE-2021-20180 edited at 13 Jan 2021 15:22:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A flaw was found in ansible-collection where credentials such as secrets are being disclosed in console log by default and not protected by secured feature when using bitbucket_pipeline_variable module. An attacker can take advantage of this information to steal bitbucket_pipeline credentials.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1915808
CVE-2021-20180 created at 13 Jan 2021 15:22:00
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes