ALPINE-CVE-2021-20191

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2021-20191

Published: 26 May 2021, 21:15

Last modified:19 Nov 2025, 06:18

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.1 (osv_alpine)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 May 2021, 21:15

Published

Vulnerability first disclosed

19 Nov 2025, 06:18

Last Modified

Vulnerability information updated

Description

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

alpine•ansible
< 2.8.19-r0 | < 2.9.18-r0 | < 2.9.18-r0 | < 2.10.7-r0 | < 2.10.7-r0

References (1)

https://security.alpinelinux.org/vuln/CVE-2021-20191