Security
Headlines

Headlines Latest CVEs

Headline

GHSA-5rrg-rr89-x9mv: Exposure of Sensitive Information in ansible

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

2 years ago

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2021-20228

Exposure of Sensitive Information in ansible

High severity GitHub Reviewed Published May 25, 2022 • Updated May 25, 2022

Package

pip ansible (pip )

Affected versions

>= 2.10.0, < 2.10.7

>= 2.9.0, < 2.9.18

< 2.8.19

Patched versions

2.10.7

2.9.18

2.8.19

Description

Related news

CVE-2021-20228: Invalid Bug ID

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

3 years ago

ghsa: Latest News

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

26 minutes ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

27 minutes ago

GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order

42 minutes ago

GHSA-jc55-246c-r88f: SurrealDB has an Uncaught Exception Handling Nonexistent Role

42 minutes ago

GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

42 minutes ago