Updated: 2024-11-23 04:33:04.292335
Description:
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | LOW | 2.1 |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | ansible | 2.6.20 | 5.5 | MEDIUM | Ignored | 2021-12-09 07:57:02 | ||
| CloudLinux 6 ELS | ansible | 2.6.20 | 5.5 | MEDIUM | Ignored | 2021-12-09 07:57:02 | ||
| Oracle Linux 6 ELS | ansible | 2.6.20 | 5.5 | MEDIUM | Ignored | 2021-12-30 02:12:40 | ||
| Ubuntu 16.04 ELS | ansible | 2.0.0.2 | 5.5 | MEDIUM | Ignored | 2021-12-09 07:57:02 | ||
| Ubuntu 18.04 ELS | ansible | 2.5.1 | 5.5 | MEDIUM | Ignored | 2023-03-02 04:04:23 |