CVE-2021-3620

Published Mar 3, 2022

Last updated a year ago

CVSS medium 5.5

Overview

Description: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

secalert@redhat.com: CWE-209
nvd@nist.gov: CWE-209

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3871C74-20C4-4212-AEF1-D792637A92B8"
          },
          {
            "criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19A338B7-0C96-497E-AF9C-EA78F143CCBE",
            "versionEndExcluding": "2.9.27"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B7FF772-FC99-435A-8D6F-6999656B9593"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9D3F4FF-AD3D-4D17-93E8-84CAFCED2F59"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_for_ibm_power_little_endian:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDE26BBE-BD17-43B4-9C3F-B009F5AD0396"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E1B0D8-7067-4FE7-A309-917AE4D59E7E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References