Detections
Analytics
FreeBSD : Ansible -- Ansible user credentials disclosure in ansible-connection module (9a8514f3-2ab8-11ec-b3a1-8c164582fbac)
medium Nessus Plugin ID 154045
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Red Hat reports :A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/CVE-2021-3620
http://www.nessus.org/u?5b0919dd
http://www.nessus.org/u?6399d81f
Plugin Details
Severity: Medium
ID: 154045
File Name: freebsd_pkg_9a8514f32ab811ecb3a18c164582fbac.nasl
Version: 1.2
Type: local
Family: FreeBSD Local Security Checks
Published: 10/13/2021
Updated: 3/16/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2021-3620
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:py310-ansible, p-cpe:/a:freebsd:freebsd:py39-ansible, p-cpe:/a:freebsd:freebsd:py37-ansible2, p-cpe:/a:freebsd:freebsd:py38-ansible, p-cpe:/a:freebsd:freebsd:py38-ansible-core, p-cpe:/a:freebsd:freebsd:py310-ansible-core, p-cpe:/a:freebsd:freebsd:py39-ansible2, p-cpe:/a:freebsd:freebsd:py39-ansible-core, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:py310-ansible-base, p-cpe:/a:freebsd:freebsd:py310-ansible2, p-cpe:/a:freebsd:freebsd:py38-ansible2, p-cpe:/a:freebsd:freebsd:py36-ansible-core, p-cpe:/a:freebsd:freebsd:py36-ansible, p-cpe:/a:freebsd:freebsd:py36-ansible-base, p-cpe:/a:freebsd:freebsd:py37-ansible-base, p-cpe:/a:freebsd:freebsd:py37-ansible, p-cpe:/a:freebsd:freebsd:py38-ansible-base, p-cpe:/a:freebsd:freebsd:py39-ansible-base, p-cpe:/a:freebsd:freebsd:py36-ansible2, p-cpe:/a:freebsd:freebsd:py37-ansible-core
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 10/11/2021
Vulnerability Publication Date: 6/25/2021
Reference Information
CVE: CVE-2021-3620