Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n7t5-dzkt-rbh8

Summary A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

Aliases

alias	CVE-2021-3447

alias	PYSEC-2021-107

Fixed_packages

url	pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ansible@2.10.7%252Bmerged%252Bbase%252B2.10.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.17%2Bdfsg-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/ansible@2.10.7%2Bmerged%2Bbase%2B2.10.17%2Bdfsg-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ansible@2.10.7%252Bmerged%252Bbase%252B2.10.17%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ansible@7.7.0%2Bdfsg-3%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ansible@7.7.0%2Bdfsg-3%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ansible@7.7.0%252Bdfsg-3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ansible@12.0.0%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/ansible@12.0.0%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ansible@12.0.0%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ansible@14.0.0~a4%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/ansible@14.0.0~a4%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ansible@14.0.0~a4%252Bdfsg-1%3Fdistro=trixie

url pkg:pypi/ansible@1.2.2

purl pkg:pypi/ansible@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d8u-w26v-nqfd

vulnerability	VCID-1sty-hqbq-63hy

vulnerability	VCID-2tq8-8hu5-juc2

vulnerability	VCID-2z4k-r21v-rfgx

vulnerability	VCID-5p9q-7q6e-vkg8

vulnerability	VCID-7qnx-1gp2-v7bb

vulnerability	VCID-7skd-9hpb-dbhj

vulnerability	VCID-833d-up6b-rfe1

vulnerability	VCID-8u2v-jtqe-dqg3

vulnerability	VCID-9pwe-zdc3-sbcu

vulnerability	VCID-am9g-ba4h-sfhr

vulnerability	VCID-bg46-sd2p-h7ez

vulnerability	VCID-bwsk-15wb-jkfz

vulnerability	VCID-cuq1-se5h-vygd

vulnerability	VCID-cxts-25nq-4fcs

vulnerability	VCID-dkds-s3ad-cufa

vulnerability	VCID-g8tj-eaqr-myaa

vulnerability	VCID-gg28-jm4a-1ue9

vulnerability	VCID-ghxm-6brq-bqc9

vulnerability	VCID-gm99-68bj-c3cz

vulnerability	VCID-gmbu-guk2-r7dg

vulnerability	VCID-gxw4-ydnj-fkfe

vulnerability	VCID-hd4w-ksm9-uycv

vulnerability	VCID-hjc4-jcfm-7be5

vulnerability	VCID-hpqa-ysnc-b7dw

vulnerability	VCID-hq4d-92s2-vqg6

vulnerability	VCID-j6qc-x7e6-buen

vulnerability	VCID-k8a2-5yfh-j7gp

vulnerability	VCID-mbj9-3bnb-wbda

vulnerability	VCID-mj75-gu96-33ay

vulnerability	VCID-nb5v-58wt-87gz

vulnerability	VCID-p4p5-29r5-8qh9

vulnerability	VCID-p7d3-epbn-b7bp

vulnerability	VCID-pqj1-u787-g3aj

vulnerability	VCID-qf21-vknb-7kdg

vulnerability	VCID-rgcg-pkhf-7ydk

vulnerability	VCID-subj-aje2-93bk

vulnerability	VCID-tuhu-e8gj-rbbg

vulnerability	VCID-utrp-hfpb-tygj

vulnerability	VCID-vhxq-1hqq-77bx

vulnerability	VCID-vsv2-4d8c-m3g1

vulnerability	VCID-x4mr-vrp9-ufg6

vulnerability	VCID-yre5-mmmj-q3bn

vulnerability	VCID-yt5j-unv8-yudk

vulnerability	VCID-zwrg-9mrq-effd

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.2

Affected_packages

url pkg:alpm/archlinux/ansible@3.1.0-1

purl pkg:alpm/archlinux/ansible@3.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7t5-dzkt-rbh8

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@3.1.0-1

url pkg:pypi/ansible@1.0

purl pkg:pypi/ansible@1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d8u-w26v-nqfd

vulnerability	VCID-1sty-hqbq-63hy

vulnerability	VCID-2tq8-8hu5-juc2

vulnerability	VCID-2z4k-r21v-rfgx

vulnerability	VCID-5p9q-7q6e-vkg8

vulnerability	VCID-7qnx-1gp2-v7bb

vulnerability	VCID-7skd-9hpb-dbhj

vulnerability	VCID-833d-up6b-rfe1

vulnerability	VCID-8u2v-jtqe-dqg3

vulnerability	VCID-9pwe-zdc3-sbcu

vulnerability	VCID-am9g-ba4h-sfhr

vulnerability	VCID-bg46-sd2p-h7ez

vulnerability	VCID-bwsk-15wb-jkfz

vulnerability	VCID-cuq1-se5h-vygd

vulnerability	VCID-cxts-25nq-4fcs

vulnerability	VCID-dkds-s3ad-cufa

vulnerability	VCID-g8tj-eaqr-myaa

vulnerability	VCID-gg28-jm4a-1ue9

vulnerability	VCID-ghxm-6brq-bqc9

vulnerability	VCID-gm99-68bj-c3cz

vulnerability	VCID-gmbu-guk2-r7dg

vulnerability	VCID-gxw4-ydnj-fkfe

vulnerability	VCID-hd4w-ksm9-uycv

vulnerability	VCID-hjc4-jcfm-7be5

vulnerability	VCID-hpqa-ysnc-b7dw

vulnerability	VCID-hq4d-92s2-vqg6

vulnerability	VCID-j6qc-x7e6-buen

vulnerability	VCID-jtxt-eejw-6bem

vulnerability	VCID-k8a2-5yfh-j7gp

vulnerability	VCID-mbj9-3bnb-wbda

vulnerability	VCID-mj75-gu96-33ay

vulnerability	VCID-n7t5-dzkt-rbh8

vulnerability	VCID-nb5v-58wt-87gz

vulnerability	VCID-p4p5-29r5-8qh9

vulnerability	VCID-p7d3-epbn-b7bp

vulnerability	VCID-pqj1-u787-g3aj

vulnerability	VCID-r5wg-7ayd-gkeg

vulnerability	VCID-rgcg-pkhf-7ydk

vulnerability	VCID-subj-aje2-93bk

vulnerability	VCID-tuhu-e8gj-rbbg

vulnerability	VCID-utrp-hfpb-tygj

vulnerability	VCID-vhxq-1hqq-77bx

vulnerability	VCID-vsv2-4d8c-m3g1

vulnerability	VCID-x4mr-vrp9-ufg6

vulnerability	VCID-yre5-mmmj-q3bn

vulnerability	VCID-yt5j-unv8-yudk

vulnerability	VCID-zwrg-9mrq-effd

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.0

url pkg:pypi/ansible@1.1

purl pkg:pypi/ansible@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d8u-w26v-nqfd

vulnerability	VCID-1sty-hqbq-63hy

vulnerability	VCID-2tq8-8hu5-juc2

vulnerability	VCID-2z4k-r21v-rfgx

vulnerability	VCID-5p9q-7q6e-vkg8

vulnerability	VCID-7qnx-1gp2-v7bb

vulnerability	VCID-7skd-9hpb-dbhj

vulnerability	VCID-833d-up6b-rfe1

vulnerability	VCID-8u2v-jtqe-dqg3

vulnerability	VCID-9pwe-zdc3-sbcu

vulnerability	VCID-am9g-ba4h-sfhr

vulnerability	VCID-bg46-sd2p-h7ez

vulnerability	VCID-bwsk-15wb-jkfz

vulnerability	VCID-cuq1-se5h-vygd

vulnerability	VCID-cxts-25nq-4fcs

vulnerability	VCID-dkds-s3ad-cufa

vulnerability	VCID-g8tj-eaqr-myaa

vulnerability	VCID-gg28-jm4a-1ue9

vulnerability	VCID-ghxm-6brq-bqc9

vulnerability	VCID-gm99-68bj-c3cz

vulnerability	VCID-gmbu-guk2-r7dg

vulnerability	VCID-gxw4-ydnj-fkfe

vulnerability	VCID-hd4w-ksm9-uycv

vulnerability	VCID-hjc4-jcfm-7be5

vulnerability	VCID-hpqa-ysnc-b7dw

vulnerability	VCID-hq4d-92s2-vqg6

vulnerability	VCID-j6qc-x7e6-buen

vulnerability	VCID-jtxt-eejw-6bem

vulnerability	VCID-k8a2-5yfh-j7gp

vulnerability	VCID-mbj9-3bnb-wbda

vulnerability	VCID-mj75-gu96-33ay

vulnerability	VCID-n7t5-dzkt-rbh8

vulnerability	VCID-nb5v-58wt-87gz

vulnerability	VCID-p4p5-29r5-8qh9

vulnerability	VCID-p7d3-epbn-b7bp

vulnerability	VCID-pqj1-u787-g3aj

vulnerability	VCID-rgcg-pkhf-7ydk

vulnerability	VCID-subj-aje2-93bk

vulnerability	VCID-tuhu-e8gj-rbbg

vulnerability	VCID-utrp-hfpb-tygj

vulnerability	VCID-vhxq-1hqq-77bx

vulnerability	VCID-vsv2-4d8c-m3g1

vulnerability	VCID-x4mr-vrp9-ufg6

vulnerability	VCID-yre5-mmmj-q3bn

vulnerability	VCID-yt5j-unv8-yudk

vulnerability	VCID-zwrg-9mrq-effd

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.1

url pkg:pypi/ansible@1.2

purl pkg:pypi/ansible@1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d8u-w26v-nqfd

vulnerability	VCID-1sty-hqbq-63hy

vulnerability	VCID-2tq8-8hu5-juc2

vulnerability	VCID-2z4k-r21v-rfgx

vulnerability	VCID-5p9q-7q6e-vkg8

vulnerability	VCID-7qnx-1gp2-v7bb

vulnerability	VCID-7skd-9hpb-dbhj

vulnerability	VCID-833d-up6b-rfe1

vulnerability	VCID-8u2v-jtqe-dqg3

vulnerability	VCID-9pwe-zdc3-sbcu

vulnerability	VCID-am9g-ba4h-sfhr

vulnerability	VCID-bg46-sd2p-h7ez

vulnerability	VCID-bwsk-15wb-jkfz

vulnerability	VCID-cuq1-se5h-vygd

vulnerability	VCID-cxts-25nq-4fcs

vulnerability	VCID-dkds-s3ad-cufa

vulnerability	VCID-g8tj-eaqr-myaa

vulnerability	VCID-gg28-jm4a-1ue9

vulnerability	VCID-ghxm-6brq-bqc9

vulnerability	VCID-gm99-68bj-c3cz

vulnerability	VCID-gmbu-guk2-r7dg

vulnerability	VCID-gxw4-ydnj-fkfe

vulnerability	VCID-hd4w-ksm9-uycv

vulnerability	VCID-hjc4-jcfm-7be5

vulnerability	VCID-hpqa-ysnc-b7dw

vulnerability	VCID-hq4d-92s2-vqg6

vulnerability	VCID-j6qc-x7e6-buen

vulnerability	VCID-jtxt-eejw-6bem

vulnerability	VCID-k8a2-5yfh-j7gp

vulnerability	VCID-mbj9-3bnb-wbda

vulnerability	VCID-mj75-gu96-33ay

vulnerability	VCID-n7t5-dzkt-rbh8

vulnerability	VCID-nb5v-58wt-87gz

vulnerability	VCID-p4p5-29r5-8qh9

vulnerability	VCID-p7d3-epbn-b7bp

vulnerability	VCID-pqj1-u787-g3aj

vulnerability	VCID-qf21-vknb-7kdg

vulnerability	VCID-rgcg-pkhf-7ydk

vulnerability	VCID-subj-aje2-93bk

vulnerability	VCID-tuhu-e8gj-rbbg

vulnerability	VCID-utrp-hfpb-tygj

vulnerability	VCID-vhxq-1hqq-77bx

vulnerability	VCID-vsv2-4d8c-m3g1

vulnerability	VCID-x4mr-vrp9-ufg6

vulnerability	VCID-yre5-mmmj-q3bn

vulnerability	VCID-yt5j-unv8-yudk

vulnerability	VCID-zwrg-9mrq-effd

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2

url pkg:pypi/ansible@1.2.1

purl pkg:pypi/ansible@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d8u-w26v-nqfd

vulnerability	VCID-1sty-hqbq-63hy

vulnerability	VCID-2tq8-8hu5-juc2

vulnerability	VCID-2z4k-r21v-rfgx

vulnerability	VCID-5p9q-7q6e-vkg8

vulnerability	VCID-7qnx-1gp2-v7bb

vulnerability	VCID-7skd-9hpb-dbhj

vulnerability	VCID-833d-up6b-rfe1

vulnerability	VCID-8u2v-jtqe-dqg3

vulnerability	VCID-9pwe-zdc3-sbcu

vulnerability	VCID-am9g-ba4h-sfhr

vulnerability	VCID-bg46-sd2p-h7ez

vulnerability	VCID-bwsk-15wb-jkfz

vulnerability	VCID-cuq1-se5h-vygd

vulnerability	VCID-cxts-25nq-4fcs

vulnerability	VCID-dkds-s3ad-cufa

vulnerability	VCID-g8tj-eaqr-myaa

vulnerability	VCID-gg28-jm4a-1ue9

vulnerability	VCID-ghxm-6brq-bqc9

vulnerability	VCID-gm99-68bj-c3cz

vulnerability	VCID-gmbu-guk2-r7dg

vulnerability	VCID-gxw4-ydnj-fkfe

vulnerability	VCID-hd4w-ksm9-uycv

vulnerability	VCID-hjc4-jcfm-7be5

vulnerability	VCID-hpqa-ysnc-b7dw

vulnerability	VCID-hq4d-92s2-vqg6

vulnerability	VCID-j6qc-x7e6-buen

vulnerability	VCID-k8a2-5yfh-j7gp

vulnerability	VCID-mbj9-3bnb-wbda

vulnerability	VCID-mj75-gu96-33ay

vulnerability	VCID-n7t5-dzkt-rbh8

vulnerability	VCID-nb5v-58wt-87gz

vulnerability	VCID-p4p5-29r5-8qh9

vulnerability	VCID-p7d3-epbn-b7bp

vulnerability	VCID-pqj1-u787-g3aj

vulnerability	VCID-qf21-vknb-7kdg

vulnerability	VCID-rgcg-pkhf-7ydk

vulnerability	VCID-subj-aje2-93bk

vulnerability	VCID-tuhu-e8gj-rbbg

vulnerability	VCID-utrp-hfpb-tygj

vulnerability	VCID-vhxq-1hqq-77bx

vulnerability	VCID-vsv2-4d8c-m3g1

vulnerability	VCID-x4mr-vrp9-ufg6

vulnerability	VCID-yre5-mmmj-q3bn

vulnerability	VCID-yt5j-unv8-yudk

vulnerability	VCID-zwrg-9mrq-effd

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.1

url pkg:rpm/redhat/ansible@2.9.20-1?arch=el8ae

purl pkg:rpm/redhat/ansible@2.9.20-1?arch=el8ae

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7t5-dzkt-rbh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible@2.9.20-1%3Farch=el8ae

url pkg:rpm/redhat/ansible@2.9.20-1?arch=el7ae

purl pkg:rpm/redhat/ansible@2.9.20-1?arch=el7ae

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7t5-dzkt-rbh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible@2.9.20-1%3Farch=el7ae

url pkg:rpm/redhat/ansible@2.9.21-1?arch=el8ae

purl pkg:rpm/redhat/ansible@2.9.21-1?arch=el8ae

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n7t5-dzkt-rbh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible@2.9.21-1%3Farch=el8ae

url pkg:rpm/redhat/redhat-virtualization-host@4.4.7-20210715.1?arch=el8_4

purl pkg:rpm/redhat/redhat-virtualization-host@4.4.7-20210715.1?arch=el8_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9ymx-35jj-hydh

vulnerability	VCID-m8v2-vgb8-nfgs

vulnerability	VCID-n7t5-dzkt-rbh8

vulnerability	VCID-p8xe-9hz3-dfbm

vulnerability	VCID-urye-s1mf-x7ea

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redhat-virtualization-host@4.4.7-20210715.1%3Farch=el8_4

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3447

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.21975
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3447

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1939349
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1939349

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721
reference_id	1014721
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721

reference_url

https://security.archlinux.org/AVG-1702

reference_id

AVG-1702

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1702

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3447
reference_id	CVE-2021-3447
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3447

reference_url	https://access.redhat.com/errata/RHSA-2021:1079
reference_id	RHSA-2021:1079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1079

reference_url	https://access.redhat.com/errata/RHSA-2021:1342
reference_id	RHSA-2021:1342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1342

reference_url	https://access.redhat.com/errata/RHSA-2021:1343
reference_id	RHSA-2021:1343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1343

reference_url	https://access.redhat.com/errata/RHSA-2021:2736
reference_id	RHSA-2021:2736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2736

reference_url	https://access.redhat.com/errata/RHSA-2021:2866
reference_id	RHSA-2021:2866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2866

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7t5-dzkt-rbh8

Vulnerability Instance