Ansible is an IT automation system that handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. A flaw was found in Ansible Engine's ansible-connection module where sensitive information, such as the Ansible user credentials, is disclosed by default in the traceback error message when Ansible receives an unexpected response from set_options
. The highest threat from this vulnerability is confidentiality.
{ "nvd_published_at": "2022-03-03T19:15:00Z", "cwe_ids": [ "CWE-209" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-03-24T21:40:53Z" }