VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qz75-v9j5-aaaa

Essentials
Severities (120)
References (44)
Severity details (34)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qz75-v9j5-aaaa
Aliases	CVE-2021-20228 GHSA-5rrg-rr89-x9mv PYSEC-2021-1
Summary	A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-522	Insufficiently Protected Credentials
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0663
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0664
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:1079
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:2180
cvssv3	5.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00201	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00378	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00378	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00378	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.00378	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
epss	0.01195	https://api.first.org/data/v1/epss?cve=CVE-2021-20228
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1925002
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
cvssv3.1	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/advisories/GHSA-5rrg-rr89-x9mv
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-5rrg-rr89-x9mv
generic_textual	HIGH	https://github.com/advisories/GHSA-5rrg-rr89-x9mv
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.5	https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
generic_textual	HIGH	https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
cvssv3.1	7.5	https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
generic_textual	HIGH	https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
cvssv3.1	7.5	https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
generic_textual	HIGH	https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
cvssv3.1	7.5	https://github.com/ansible/ansible/pull/73487
generic_textual	HIGH	https://github.com/ansible/ansible/pull/73487
cvssv3.1	7.5	https://github.com/ansible/ansible/pull/73492
generic_textual	HIGH	https://github.com/ansible/ansible/pull/73492
cvssv3.1	7.5	https://github.com/ansible/ansible/pull/73493
generic_textual	HIGH	https://github.com/ansible/ansible/pull/73493
cvssv3.1	7.5	https://github.com/ansible/ansible/pull/73494
generic_textual	HIGH	https://github.com/ansible/ansible/pull/73494
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-20228
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-20228
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-20228
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4950
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4950

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-20228
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/advisories/GHSA-5rrg-rr89-x9mv
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
		https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
		https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
		https://github.com/ansible/ansible/pull/73487
		https://github.com/ansible/ansible/pull/73492
		https://github.com/ansible/ansible/pull/73493
		https://github.com/ansible/ansible/pull/73494
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
		https://www.debian.org/security/2021/dsa-4950
1925002		https://bugzilla.redhat.com/show_bug.cgi?id=1925002
cpe:2.3:a:redhat:ansible_automation_platform:1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_automation_platform:1.2:::::::*
cpe:2.3:a:redhat:ansible_engine:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:::::::*
cpe:2.3:a:redhat:ansible_engine:2.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.9:::::::*
cpe:2.3:a:redhat:ansible_engine:2.9.18:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.9.18:::::::*
cpe:2.3:a:redhat:ansible_tower:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:3.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2021-20228		https://nvd.nist.gov/vuln/detail/CVE-2021-20228
RHSA-2021:0663		https://access.redhat.com/errata/RHSA-2021:0663
RHSA-2021:0664		https://access.redhat.com/errata/RHSA-2021:0664
RHSA-2021:1079		https://access.redhat.com/errata/RHSA-2021:1079
RHSA-2021:2180		https://access.redhat.com/errata/RHSA-2021:2180

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-5rrg-rr89-x9mv

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/73487

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/73492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/73493

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/73494

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20228

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20228

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20228

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.30998
EPSS Score	0.00113
Published At	June 20, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.