VDB

CVE-2021-20228

CVE-2021-20228 PUBLISHED

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

EPSS 0.24% · 47.8th percentile

Risk Scores

EPSS Score
0.24%
47.8th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSansible1.9.2+dfsg-2, 1.9.4-1, 2.0.0.2-2
Ubuntu:Pro:18.04:LTSansible2.3.1.0+dfsg-2, *, *
Ubuntu:Pro:22.04:LTSansible0, 2.10.7+merged+base+2.10.8+dfsg-1, 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1
Ubuntu:24.04:LTSansible9.2.0+dfsg-0ubuntu4, 9.2.0+dfsg-0ubuntu5, *
Ubuntu:Pro:20.04:LTSansible2.9.4+dfsg-1, 2.8.6+dfsg-1, 2.8.3+dfsg-1
Ubuntu:25.10ansible*, *, 0
Ubuntu:Pro:14.04:LTSansible1.4.3+dfsg-1, 1.5.4+dfsg-1, 1.5.4+dfsg-1ubuntu0.1~esm1

Timeline

  • Feb 4, 2021 CVE Published
  • Apr 30, 2021 EPSS Score
  • Jul 3, 2021 EPSS Score
  • Aug 8, 2021 EPSS Score
  • Oct 9, 2021 EPSS Score
  • Nov 5, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 11, 2022 EPSS Score
  • Sep 12, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›