CVE-2021-20228

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-20228
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20228.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20228
Aliases
Downstream
Related
Published
2021-04-29T16:15:09.737Z
Modified
2026-03-14T10:38:19.690030Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4455e60166a8271771d96c24f47b6714130d200f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f67c13f8f10a6f8e0343a3c3d4e8ad7737ed28ab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
02572cb9ec94462261c035b33de506e4e505b3ca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.01
0.3
0.7
stable-2.*
stable-2.9-branchpoint
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0
Other
v1_last
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.6.0a1
v2.7.0.a1
v2.8.0a1
v2.9.0
v2.9.0b1
v2.9.0rc1
v2.9.0rc2
v2.9.0rc3
v2.9.0rc4
v2.9.0rc5
v2.9.1
v2.9.10
v2.9.11
v2.9.12
v2.9.13
v2.9.14
v2.9.14rc1
v2.9.15
v2.9.15rc1
v2.9.16
v2.9.16rc1
v2.9.17
v2.9.17rc1
v2.9.18
v2.9.18rc1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20228.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]