1183684 – (CVE-2021-3447) VUL-0: CVE-2021-3447: ansible: multiple modules expose secured values

Bug 1183684 (CVE-2021-3447) - VUL-0: CVE-2021-3447: ansible: multiple modules expose secured values

Summary: VUL-0: CVE-2021-3447: ansible: multiple modules expose secured values

Status:	RESOLVED FIXED

Alias:	CVE-2021-3447

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/279876/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-3447:5.0:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-03-18 07:52 UTC by Alexander Bergmann
Modified:	2024-05-23 15:11 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2021-03-18 07:52:03 UTC

rh#1939349

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1939349
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3447
https://access.redhat.com/security/cve/CVE-2021-3447

Comment 2 Swamp Workflow Management 2021-06-22 16:19:36 UTC

SUSE-SU-2021:2121-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180816,1180942,1181119,1181935,1183684
CVE References: CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    ansible-2.9.22-3.18.1
SUSE OpenStack Cloud 8 (src):    ansible-2.9.22-3.18.1
HPE Helion Openstack 8 (src):    ansible-2.9.22-3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Swamp Workflow Management 2022-09-08 13:46:08 UTC

SUSE-SU-2022:3178-1: An update that solves 7 vulnerabilities, contains three features and has 10 fixes is now available.

Category: security (important)
Bug References: 1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614
CVE References: CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620
JIRA References: SLE-23631,SLE-24133,SLE-24791
Sources used:
openSUSE Leap 15.4 (src):    ansible-2.9.27-150000.1.14.1, dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1, golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, prometheus-blackbox_exporter-0.19.0-150000.1.11.1, python-hwdata-2.3.5-150000.3.9.1, spacecmd-4.3.14-150000.3.83.1, wire-0.5.0-150000.1.6.1
openSUSE Leap 15.3 (src):    ansible-2.9.27-150000.1.14.1, dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1, golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, python-hwdata-2.3.5-150000.3.9.1, spacecmd-4.3.14-150000.3.83.1
SUSE Manager Tools 15 (src):    ansible-2.9.27-150000.1.14.1, dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1, golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, mgr-daemon-4.3.5-150000.1.35.1, mgr-virtualization-4.3.6-150000.1.32.1, prometheus-blackbox_exporter-0.19.0-150000.1.11.1, python-hwdata-2.3.5-150000.3.9.1, spacecmd-4.3.14-150000.3.83.1, spacewalk-client-tools-4.3.11-150000.3.65.1, uyuni-common-libs-4.3.5-150000.1.24.1, uyuni-proxy-systemd-services-4.3.6-150000.1.6.1, zypp-plugin-spacewalk-1.0.13-150000.3.32.1
SUSE Linux Enterprise Server for SAP 15 (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
SUSE Linux Enterprise Server 15-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, python-hwdata-2.3.5-150000.3.9.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src):    golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, python-hwdata-2.3.5-150000.3.9.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    python-hwdata-2.3.5-150000.3.9.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (src):    ansible-2.9.27-150000.1.14.1, golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, prometheus-blackbox_exporter-0.19.0-150000.1.11.1, python-hwdata-2.3.5-150000.3.9.1, zypp-plugin-spacewalk-1.0.13-150000.3.32.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    ansible-2.9.27-150000.1.14.1, golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1, prometheus-blackbox_exporter-0.19.0-150000.1.11.1, python-hwdata-2.3.5-150000.3.9.1, zypp-plugin-spacewalk-1.0.13-150000.3.32.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    python-hwdata-2.3.5-150000.3.9.1, zypp-plugin-spacewalk-1.0.13-150000.3.32.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Maintenance Automation 2024-01-23 20:30:09 UTC

SUSE-SU-2024:0196-1: An update that solves 44 vulnerabilities, contains 14 features and has 35 security fixes can now be installed.

Category: security (moderate)
Bug References: 1172110, 1176460, 1180816, 1180942, 1181119, 1181935, 1183684, 1187725, 1188061, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1197507, 1198903, 1199810, 1200142, 1200480, 1200591, 1200968, 1200970, 1201003, 1201059, 1201535, 1201539, 1202614, 1202945, 1203283, 1203596, 1203597, 1203599, 1204032, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205599, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208060, 1208062, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210640, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-3447, CVE-2021-3583, CVE-2021-3620, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-23552, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3694, PED-4556, PED-5405, PED-5406, SLE-23422, SLE-23439, SLE-23631, SLE-24133, SLE-24565, SLE-24791
Sources used:
SUSE Manager Client Tools Beta for SLE Micro 5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1
SUSE Manager Client Tools Beta for SLE 15 (src): python-pyvmomi-6.7.3-159000.3.6.1, golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, supportutils-plugin-salt-1.2.2-159000.5.9.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, mgr-push-5.0.1-159000.4.21.1, golang-github-lusitaniae-apache_exporter-1.0.0-159000.4.12.1, rhnlib-5.0.1-159000.6.30.1, golang-github-prometheus-prometheus-2.45.0-159000.6.33.1, spacewalk-client-tools-5.0.1-159000.6.48.1, uyuni-common-libs-5.0.1-159000.3.33.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1, golang-github-boynux-squid_exporter-1.6-159000.4.9.1, ansible-2.9.27-159000.3.9.1, prometheus-postgres_exporter-0.10.1-159000.3.6.1, grafana-9.5.8-159000.4.24.1, spacecmd-5.0.1-159000.6.42.1, python-hwdata-2.3.5-159000.5.13.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, supportutils-plugin-susemanager-client-5.0.1-159000.6.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Andrea Mattiazzo 2024-05-23 15:11:49 UTC

All done, closing.