CVE-2021-20178 in Red Hat and Fedora Project Products
Published on May 26, 2021
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2021-20178
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-20178 are published in these products:
Exploit Probability
EPSS
0.04%
Percentile
13.44%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.