CVE-2021-20191 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
A flaw was found in ansible-collection where credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials.
Group Package Affected Fixed Severity Status Ticket
AVG-1437 ansible 2.10.5-1 2.10.7-1 Medium Fixed
Date Advisory Group Package Severity Type
06 Feb 2021 ASA-202102-9 AVG-1437 ansible Medium information disclosure
References
https://bugzilla.redhat.com/show_bug.cgi?id=1916813
https://github.com/ansible-collections/cisco.nxos/pull/227
https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa