A few different modules leak sensitive data such as secret values. This could lead in disclosing those credentials for every user which has access to the output of playbook execution.
Acknowledgments: Name: Rick Elrod (Red Hat)
This issue is addressed in https://github.com/ansible-collections/cisco.nxos/pull/227.
Created ansible tracking bugs for this issue: Affects: epel-all [bug 1917474] Affects: fedora-all [bug 1917473] Affects: openstack-rdo [bug 1917475]
This CVE has been addressed in: * Ansible 2.8.19 and newer * Ansible 2.9.18 and newer * Ansible 2.10.7 and newer As well as in the following Ansible Collections: * cisco.nxos 1.4.0 and newer * community.docker 1.2.2 and newer * community.general 1.3.6 and newer and 2.0.1 and newer * community.network 1.3.2 and newer and 2.0.1 and newer * google.cloud 1.0.2
This issue has been addressed in the following products: Red Hat Ansible Engine 2 for RHEL 8 Red Hat Ansible Engine 2 for RHEL 7 Via RHSA-2021:0663 https://access.redhat.com/errata/RHSA-2021:0663
This issue has been addressed in the following products: Red Hat Ansible Engine 2.9 for RHEL 8 Red Hat Ansible Engine 2.9 for RHEL 7 Via RHSA-2021:0664 https://access.redhat.com/errata/RHSA-2021:0664
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20191
Statement: The version of ansible shipped with Red Hat Gluster Storage (RHGS) 3 includes the vulnerable `network/nxos/nxos_*` modules. However, RHGS 3 no longer maintains its own version of Ansible, prerequisite is to enable ansible repository in order to consume the latest version of ansible which has many bug and security fixes.
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 1.2 for RHEL 7 Via RHSA-2021:1079 https://access.redhat.com/errata/RHSA-2021:1079
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization Engine 4.4 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 Via RHSA-2021:2180 https://access.redhat.com/errata/RHSA-2021:2180