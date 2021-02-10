Vigil@nce - Ansible Community Package: information disclosure via Logged Parameters

April 2021 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/?langue=2

SYNTHESIS OF THE VULNERABILITY

Impacted products: Ansible precise, Fedora.

Severity: 2/4.

Consequences: data reading.

Provenance: user shell.

Confidence: confirmed by the editor (5/5).

Creation date: 10/02/2021.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass access restrictions to data via Logged Parameters of Ansible Community Package (which were named Ansible before version 2.10), in order to obtain sensitive information.

