Search for vulnerabilities
Vulnerability details: VCID-ugk3-fc38-aaak
Vulnerability ID VCID-ugk3-fc38-aaak
Aliases CVE-2021-3447
PYSEC-2021-107
Summary A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-532 Insertion of Sensitive Information into Log File
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1079
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1342
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1343
rhas Important https://access.redhat.com/errata/RHSA-2021:2736
rhas Low https://access.redhat.com/errata/RHSA-2021:2866
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2021-3447
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1939349
cvssv3.1 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.3 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3447
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3447
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3447
archlinux Medium https://security.archlinux.org/AVG-1702
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/
1014721 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721
1939349 https://bugzilla.redhat.com/show_bug.cgi?id=1939349
AVG-1702 https://security.archlinux.org/AVG-1702
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-3447 https://nvd.nist.gov/vuln/detail/CVE-2021-3447
RHSA-2021:1079 https://access.redhat.com/errata/RHSA-2021:1079
RHSA-2021:1342 https://access.redhat.com/errata/RHSA-2021:1342
RHSA-2021:1343 https://access.redhat.com/errata/RHSA-2021:1343
RHSA-2021:2736 https://access.redhat.com/errata/RHSA-2021:2736
RHSA-2021:2866 https://access.redhat.com/errata/RHSA-2021:2866
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3447
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3447
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3447
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18619
EPSS Score 0.00047
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.