Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3681

EPSS 0.04% · P13
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3681

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ansible Galaxy Collections 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Ansible是美国红帽(Red Hat)公司的一款计算机系统配置管理器。该产品可用于发布、管理和编排计算机系统。 Ansible Galaxy Collections存在安全漏洞,攻击者可利用该漏洞获取系统敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-ansible ansible 3.3.0 -

II. Public POCs for CVE-2021-3681

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3681

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-04-18 · 26 CVEs total

CVE-2022-294649.8 CRITICALWSO2 API Manager 路径遍历漏洞
CVE-2022-27525Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-29457ZOHO ManageEngine ADSelfService Plus 安全漏洞
CVE-2022-25226ThinVNC 安全漏洞
CVE-2011-4917Linux kernel 安全漏洞
CVE-2021-42778OpenSC 资源管理错误漏洞
CVE-2011-1762Wordpress 安全漏洞
CVE-2021-3503Red Hat Wildfly 安全漏洞
CVE-2021-3624dcraw 输入验证错误漏洞
CVE-2022-1341bwm-ng 代码问题漏洞
CVE-2022-27652cri-o 安全漏洞
CVE-2022-27530Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-27529Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-27526Autodesk Design Review 缓冲区错误漏洞
CVE-2021-3652389-ds-base 安全漏洞
CVE-2021-46122TP-LINK TL-WR840N 安全漏洞
CVE-2022-26665Tyler Technologies Tyler Odyssey 安全漏洞
CVE-2022-26631ResearchGate Automatic Question Paper Generator System SQL注入漏洞
CVE-2022-28810ZOHO ManageEngine ADSelfService Plus 信任管理问题漏洞
CVE-2022-27908ZOHO ManageEngine OpManager SQL注入漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ansible
Same vendor: n/a
Same weakness: CWE-522

V. Comments for CVE-2021-3681

No comments yet

Leave a comment