PYSEC-2022-164 — Vulnetix

PYSEC-2022-164 PUBLISHED CVSS 8.699999809265137 HIGH

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	ansible	0, 1.0, 1.1

Timeline

Mar 3, 2022 CVE Published
Feb 22, 2026 CVE Updated

References

https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes url
https://bugzilla.redhat.com/show_bug.cgi?id=1975767 report
https://github.com/advisories/GHSA-4r65-35qq-ch8j advisory
https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0 fix

Open in Interactive Console →