{
  "threat_severity" : "Moderate",
  "public_date" : "2021-01-29T00:00:00Z",
  "bugzilla" : {
    "description" : "ansible: basic.py no_log with fallback option",
    "id" : "1925002",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200->CWE-522",
  "details" : [ "A flaw was found in Ansible Engine 2.9.18, where sensitive information is not masked by default and is not protected by the no_log feature when the sub-option feature of the basic.py module is used. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "A flaw was found in Ansible Engine, where sensitive information is not masked by default and is not protected by the no_log feature when the sub-option feature of the basic.py module is used. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 1.2 for RHEL 7",
    "release_date" : "2021-04-09T00:00:00Z",
    "advisory" : "RHSA-2021:1079",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:1.2::el7",
    "package" : "ansible-automation-platform/platform-resource-operator-bundle:v0.1.1-1"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 1.2 for RHEL 7",
    "release_date" : "2021-04-09T00:00:00Z",
    "advisory" : "RHSA-2021:1079",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:1.2::el7",
    "package" : "ansible-automation-platform/platform-resource-rhel7-operator:v0.1.0-12"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 1.2 for RHEL 7",
    "release_date" : "2021-04-09T00:00:00Z",
    "advisory" : "RHSA-2021:1079",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:1.2::el7",
    "package" : "ansible-automation-platform/platform-resource-runner-rhel7:v0.1.0-15"
  }, {
    "product_name" : "Red Hat Ansible Engine 2.9 for RHEL 7",
    "release_date" : "2021-02-24T00:00:00Z",
    "advisory" : "RHSA-2021:0664",
    "cpe" : "cpe:/a:redhat:ansible_engine:2.9::el7",
    "package" : "ansible-0:2.9.18-1.el7ae"
  }, {
    "product_name" : "Red Hat Ansible Engine 2.9 for RHEL 8",
    "release_date" : "2021-02-24T00:00:00Z",
    "advisory" : "RHSA-2021:0664",
    "cpe" : "cpe:/a:redhat:ansible_engine:2.9::el8",
    "package" : "ansible-0:2.9.18-1.el8ae"
  }, {
    "product_name" : "Red Hat Ansible Engine 2 for RHEL 7",
    "release_date" : "2021-02-24T00:00:00Z",
    "advisory" : "RHSA-2021:0663",
    "cpe" : "cpe:/a:redhat:ansible_engine:2::el7",
    "package" : "ansible-0:2.9.18-1.el7ae"
  }, {
    "product_name" : "Red Hat Ansible Engine 2 for RHEL 8",
    "release_date" : "2021-02-24T00:00:00Z",
    "advisory" : "RHSA-2021:0663",
    "cpe" : "cpe:/a:redhat:ansible_engine:2::el8",
    "package" : "ansible-0:2.9.18-1.el8ae"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2021-06-01T00:00:00Z",
    "advisory" : "RHSA-2021:2180",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "ansible-0:2.9.18-1.el8ae"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.4",
    "release_date" : "2021-06-01T00:00:00Z",
    "advisory" : "RHSA-2021:2180",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8",
    "package" : "ansible-0:2.9.18-1.el8ae"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Tower 3",
    "fix_state" : "Out of support scope",
    "package_name" : "ansible",
    "cpe" : "cpe:/a:redhat:ansible_tower:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-20228\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20228\nhttps://github.com/ansible/ansible/pull/73487" ],
  "name" : "CVE-2021-20228",
  "csaw" : false
}