A flaw was found in the Ansible Engine prior to 2.10.6rc1, 2.9.18rc1, and 2.8.19rc1, where sensitive info is not masked by default and is not protected by the no_log
feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
{ "nvd_published_at": "2021-04-29T16:15:00Z", "cwe_ids": [ "CWE-200", "CWE-522" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-05-25T19:22:34Z" }