CVE-2020-1753: 
Ansible Tower vulnerability analysis and mitigation

A security vulnerability (CVE-2020-1753) was discovered in Ansible Engine affecting all Ansible versions 2.7.x prior to 2.7.17, 2.8.x prior to 2.8.11, and 2.9.x prior to 2.9.7. The vulnerability specifically affects the kubectl connection plugin when managing Kubernetes using the k8s module (CVE Mitre, NVD).

The vulnerability occurs when sensitive parameters such as passwords and tokens are passed to kubectl from the command line, instead of using environment variables or input configuration files. This implementation flaw causes these credentials to be exposed in the process list. Additionally, the no_log directive from the debug module has no effect, resulting in secrets being disclosed in stdout and log files (Red Hat Bugzilla).

The vulnerability can lead to the disclosure of sensitive information such as passwords and authentication tokens. These credentials could be visible in process lists, stdout output, and log files, potentially exposing them to unauthorized users or processes on the system (Debian Security, Red Hat Advisory).

The vulnerability has been patched in Ansible versions 2.7.17, 2.8.11, and 2.9.7. Users should upgrade to these or later versions to address the issue. The fix includes a warning about disclosure when using certain options (GitHub PR, Red Hat Advisory).