VulnerableCode Package Details - pkg:rpm/redhat/ansible@2.9.18-1?arch=el8ae

Search for packages

Vulnerability	Summary	Fixed by
VCID-atun-stks-4kcb Aliases: CVE-2021-20180 GHSA-fh5v-5f35-2rv2	Insertion of Sensitive Information into Log File A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.	There are no reported fixed by versions.
VCID-e3z2-ydhb-gqfg Aliases: CVE-2021-20228 GHSA-5rrg-rr89-x9mv PYSEC-2021-1	A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.	There are no reported fixed by versions.
VCID-fj2p-7wkh-1fhq Aliases: CVE-2021-20178 GHSA-wv5p-gmmv-wh9v PYSEC-2021-106	A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.	There are no reported fixed by versions.
VCID-xw8r-fn6y-mbhp Aliases: CVE-2021-20191 GHSA-8f4m-hccc-8qph PYSEC-2021-124	A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-atun-stks-4kcb
Aliases:
CVE-2021-20180
GHSA-fh5v-5f35-2rv2

Insertion of Sensitive Information into Log File A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

There are no reported fixed by versions.

VCID-e3z2-ydhb-gqfg
Aliases:
CVE-2021-20228
GHSA-5rrg-rr89-x9mv
PYSEC-2021-1

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

There are no reported fixed by versions.

VCID-fj2p-7wkh-1fhq
Aliases:
CVE-2021-20178
GHSA-wv5p-gmmv-wh9v
PYSEC-2021-106

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

There are no reported fixed by versions.

VCID-xw8r-fn6y-mbhp
Aliases:
CVE-2021-20191
GHSA-8f4m-hccc-8qph
PYSEC-2021-124

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:03:33.345177+00:00	RedHat Importer	Affected by	VCID-fj2p-7wkh-1fhq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json	38.0.0
2026-04-01T14:03:30.872989+00:00	RedHat Importer	Affected by	VCID-atun-stks-4kcb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json	38.0.0
2026-04-01T14:03:30.168312+00:00	RedHat Importer	Affected by	VCID-xw8r-fn6y-mbhp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json	38.0.0
2026-04-01T14:03:20.628380+00:00	RedHat Importer	Affected by	VCID-e3z2-ydhb-gqfg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json	38.0.0