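Security Advisory / [CVE-2021-20178]
Basic Information
Vulnerability Description
A flaw was found in an Ansible module: when the bitbucket_pipeline_variable module is used, credentials are disclosed in the console log by default and are not protected by the security feature. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Remediation
Upgrade the package: dnf update ansible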
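A check that can be run over playbooks before and after the upgrade, as an added example that is not part of the original advisory or of the Ansible project's code: it flags tasks that call bitbucket_pipeline_variable without the task keyword `no_log: true`. It assumes the "security feature" in the description is Ansible's `no_log` mechanism; the function names and the sample playbook are constructed for illustration.

```python
import re

# Module key, with or without the collection prefix, optionally as the first key of a list item.
MODULE = re.compile(r"^\s*(?:-\s+)?(?:community\.general\.)?bitbucket_pipeline_variable\s*:")
# Task-level keyword that suppresses the task's arguments and result in console output.
NO_LOG = re.compile(r"^\s*(?:-\s+)?no_log\s*:\s*(?:true|yes)\s*(?:#.*)?$", re.I)

def key_indent(line):
    """Column where the mapping key starts, counting a leading '- ' list marker."""
    m = re.match(r"^(\s*)(-\s+)?", line)
    return len(m.group(1)) + len(m.group(2) or "")

def find_unprotected(text):
    """Return 1-based line numbers of module calls whose task lacks no_log: true.
    Line-based heuristic: no_log set on an enclosing block or play is not seen."""
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        if not MODULE.match(line):
            continue
        k = key_indent(line)
        start = i  # walk back to the '- ' line that opens this task
        while start > 0 and not (lines[start].lstrip().startswith("- ")
                                 and key_indent(lines[start]) == k):
            start -= 1
        end = i + 1  # walk forward until the YAML dedents out of the task
        while end < len(lines):
            nxt = lines[end]
            body = nxt.strip() and not nxt.lstrip().startswith("#")
            if body and len(nxt) - len(nxt.lstrip(" ")) < k:
                break
            end += 1
        task = lines[start:end]
        if not any(NO_LOG.match(t) and key_indent(t) == k for t in task):
            findings.append(i + 1)
    return findings

# Constructed sample playbook: the first task is flagged, the second is not.
SAMPLE = """\
- hosts: localhost
  tasks:
    - name: constructed task, output not suppressed
      community.general.bitbucket_pipeline_variable:
        name: DEPLOY_TOKEN
        value: "{{ deploy_token }}"
        secured: true
    - name: constructed task, output suppressed
      no_log: true
      bitbucket_pipeline_variable:
        name: DEPLOY_TOKEN
        value: "{{ deploy_token }}"
        secured: true
"""

if __name__ == "__main__":
    print(find_unprotected(SAMPLE))
```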
References
https://bugzilla.redhat.com/show_bug.cgi?id=1914774
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
https://github.com/ansible-collections/community.general/pull/1635
https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html