Debian 10 Buster DLA-3695-1 moderate: Ansible credential exposure
debian lts
December 28, 2023
Ansible a configuration management, deployment, and task execution system was affected by multiple vulnerabilities
Summary
CVE-2019-10206
Fix a regression in test suite of CVE-2019-10206.
CVE-2021-3447
A flaw was found in several
ansible modules, where parameters containing credentials,
such as secrets, were being logged in plain-text on
managed nodes, as well as being made visible on the
controller node when run in verbose mode. These parameters
were not protected by the no_log feature. An attacker can
take advantage of this information to steal those credentials,
provided when they have access to the log files
containing them. The highest threat from this vulnerability
is to data confidentiality
CVE-2021-3583
A flaw was found in Ansible, where
a user's controller is vulnerable to template injection.
This issue can occur through facts used in the template
if the user is trying to put templates in multi-line YAML
strings and the facts being handled do not routinely
include special template characters. This flaw allows
PREVIOUS
NEXT
Package: ansible
Version: 2.7.7+dfsg-1+deb10u2
CVE ID: CVE-2019-10206 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620
Debian Bug: 1053693
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!