Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log

Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log

CVE-2021-20178 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Learn more about our Web Application Penetration Testing UK.