Unrated severityNVD Advisory· Published Apr 1, 2021· Updated Aug 3, 2024

CVE-2021-3447

Description

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

Affected products

Red Hat/Ansible Automation Platformdescription
osv-coords71 versions
pkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/python-hwdata&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/python-hwdata&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.3 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.1 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Server%20Module%204.3 pkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.1 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.3
< 2.9.27-150000.1.14.1+ 70 more
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 0.5.0-150000.1.6.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-159000.3.9.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.27-150000.1.14.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 2.9.22-3.18.1
- (no CPE)range: < 0.1.1657643023.0d694ce-150000.1.35.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 1.6-159000.4.9.1
- (no CPE)range: < 1.0.0-159000.4.12.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 1.3.0-150000.3.15.1
- (no CPE)range: < 2.45.0-159000.6.33.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 0.4.0-150000.1.15.1
- (no CPE)range: < 9.5.8-159000.4.24.1
- (no CPE)range: < 4.3.5-150000.1.35.1
- (no CPE)range: < 5.0.1-159000.4.21.1
- (no CPE)range: < 4.3.6-150000.1.32.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.19.0-150000.1.11.1
- (no CPE)range: < 0.10.1-159000.3.6.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-159000.5.13.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 2.3.5-150000.3.9.1
- (no CPE)range: < 6.7.3-159000.3.6.1
- (no CPE)range: < 5.0.1-159000.6.30.1
- (no CPE)range: < 4.3.14-150000.3.83.1
- (no CPE)range: < 5.0.1-159000.6.42.1
- (no CPE)range: < 4.3.11-150000.3.65.1
- (no CPE)range: < 5.0.1-159000.6.48.1
- (no CPE)range: < 1.2.2-159000.5.9.1
- (no CPE)range: < 5.0.1-159000.6.15.1
- (no CPE)range: < 4.3.5-150000.1.24.1
- (no CPE)range: < 5.0.1-159000.3.33.1
- (no CPE)range: < 4.3.6-150000.1.6.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1
- (no CPE)range: < 1.0.13-150000.3.32.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/12/msg00018.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000