—
PYSEC-2022-164
Details
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / ansible
Introduced in:
0 Fixed in: fe28767970c8ec62aabe493c46b53a5de1e5fac0 Fix
pip install --upgrade 'ansible>=fe28767970c8ec62aabe493c46b53a5de1e5fac0' References
- https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0 [FIX]
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767 [REPORT]
- https://github.com/advisories/GHSA-4r65-35qq-ch8j [ADVISORY]