CVE-2021-3620: Generation of Error Message Containing Sensitive Information

March 3, 2022 (updated December 28, 2023)

A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

References

bugzilla.redhat.com/show_bug.cgi?id=1975767
github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
nvd.nist.gov/vuln/detail/CVE-2021-3620

Code Behaviors & Features

Detect and mitigate CVE-2021-3620 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →