High severityNVD Advisory· Published Apr 29, 2021· Updated Aug 3, 2024
CVE-2021-20228
CVE-2021-20228
Description
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ansiblePyPI | >= 2.10.0a1, < 2.10.6rc1 | 2.10.6rc1 |
ansiblePyPI | >= 2.9.0a1, < 2.9.18rc1 | 2.9.18rc1 |
ansiblePyPI | < 2.8.19rc1 | 2.8.19rc1 |
Affected products
79- Ansible/Ansible Enginedescription
- ghsa-coords78 versionspkg:pypi/ansiblepkg:rpm/opensuse/ansible-10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ansible-11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ansible-12&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ansible-13&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ansible-9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-hwdata&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-hwdata&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.1pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.1pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.3
>= 2.10.0a1, < 2.10.6rc1+ 77 more
- (no CPE)range: >= 2.10.0a1, < 2.10.6rc1
- (no CPE)range: < 10.6.0-1.1
- (no CPE)range: < 11.11.0-1.1
- (no CPE)range: < 12.2.0-1.1
- (no CPE)range: < 13.7.0-1.1
- (no CPE)range: < 9.8.0-1.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 0.5.0-150000.1.6.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-159000.3.9.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 2.9.21-bp153.2.3.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 1.6-159000.4.9.1
- (no CPE)range: < 1.0.0-159000.4.12.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 2.45.0-159000.6.33.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 9.5.8-159000.4.24.1
- (no CPE)range: < 4.3.5-150000.1.35.1
- (no CPE)range: < 5.0.1-159000.4.21.1
- (no CPE)range: < 4.3.6-150000.1.32.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.10.1-159000.3.6.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-159000.5.13.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 6.7.3-159000.3.6.1
- (no CPE)range: < 5.0.1-159000.6.30.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 5.0.1-159000.6.42.1
- (no CPE)range: < 4.3.11-150000.3.65.1
- (no CPE)range: < 5.0.1-159000.6.48.1
- (no CPE)range: < 1.2.2-159000.5.9.1
- (no CPE)range: < 5.0.1-159000.6.15.1
- (no CPE)range: < 4.3.5-150000.1.24.1
- (no CPE)range: < 5.0.1-159000.3.33.1
- (no CPE)range: < 4.3.6-150000.1.6.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-5rrg-rr89-x9mvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20228ghsaADVISORY
- www.debian.org/security/2021/dsa-4950ghsavendor-advisoryx_refsource_DEBIANWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662cghsaWEB
- github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111bghsaWEB
- github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120ghsaWEB
- github.com/ansible/ansible/pull/73487ghsax_refsource_MISCWEB
- github.com/ansible/ansible/pull/73492ghsaWEB
- github.com/ansible/ansible/pull/73493ghsaWEB
- github.com/ansible/ansible/pull/73494ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yamlghsaWEB
News mentions
0No linked articles in our index yet.