The return value of a specific module i.e. basic.py of ansible engine is not being masked by default while using the fallback sub-option.The return value may contain sensitive info like secret Or Credentials.
External References: https://github.com/ansible/ansible/pull/73487
This issue has been addressed in the following products: Red Hat Ansible Engine 2 for RHEL 8 Red Hat Ansible Engine 2 for RHEL 7 Via RHSA-2021:0663 https://access.redhat.com/errata/RHSA-2021:0663
This issue has been addressed in the following products: Red Hat Ansible Engine 2.9 for RHEL 8 Red Hat Ansible Engine 2.9 for RHEL 7 Via RHSA-2021:0664 https://access.redhat.com/errata/RHSA-2021:0664
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20228
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 1.2 for RHEL 7 Via RHSA-2021:1079 https://access.redhat.com/errata/RHSA-2021:1079
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization Engine 4.4 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 Via RHSA-2021:2180 https://access.redhat.com/errata/RHSA-2021:2180