Candidate: CVE-2021-3620
PublicDate: 2022-03-03 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620
 https://github.com/ansible/ansible/pull/75805
Description:
 A flaw was found in Ansible Engine's ansible-connection module, where
 sensitive information such as the Ansible user credentials is disclosed by
 default in the traceback error message. The highest threat from this
 vulnerability is to confidentiality.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1975767
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_ansible:
upstream_ansible: released (2.11.6,2.10.15,2.9.27)
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: needs-triage
xenial_ansible: ignored (out of standard support)
bionic_ansible: needed
focal_ansible: needed
groovy_ansible: ignored (reached end-of-life)
hirsute_ansible: ignored (reached end-of-life)
impish_ansible: needed
jammy_ansible: needed
devel_ansible: needed

Patches_ansible-base:
upstream_ansible-base: needs-triage
trusty_ansible-base: ignored (out of standard support)
trusty/esm_ansible-base: DNE
xenial_ansible-base: ignored (out of standard support)
bionic_ansible-base: DNE
focal_ansible-base: DNE
groovy_ansible-base: DNE
hirsute_ansible-base: ignored (reached end-of-life)
impish_ansible-base: needed
jammy_ansible-base: DNE
devel_ansible-base: DNE

Patches_ansible-core:
upstream_ansible-core: needs-triage
trusty_ansible-core: ignored (out of standard support)
trusty/esm_ansible-core: DNE
xenial_ansible-core: ignored (out of standard support)
bionic_ansible-core: DNE
focal_ansible-core: DNE
groovy_ansible-core: DNE
hirsute_ansible-core: DNE
impish_ansible-core: DNE
jammy_ansible-core: not-affected (2.12.0-1)
devel_ansible-core: not-affected (2.12.0-1)