Wiz
Vulnerability DatabaseCVE-2021-20180

CVE-2021-20180
Ansible vulnerability analysis and mitigation

Overview

A security flaw (CVE-2021-20180) was discovered in the Ansible module where credentials are disclosed in the console log by default when using the bitbucketpipelinevariable module. This vulnerability was identified in early 2021 and affects the Ansible automation platform (Debian Security, Red Hat CVE).

Technical details

The vulnerability exists in the bitbucketpipelinevariable module of Ansible, where sensitive information such as secret values are not properly protected by the security feature and are exposed in the console log by default. This security issue affects multiple versions of Ansible Engine and Ansible Automation Platform (Red Hat Advisory).

Impact

The primary impact of this vulnerability is on confidentiality, as it allows attackers to steal bitbucket_pipeline credentials. Any user with access to the playbook execution output could potentially view these exposed sensitive credentials (Debian Security).

Mitigation and workarounds

The vulnerability was addressed in Ansible version 2.9.18. Red Hat released security updates through multiple advisories including RHSA-2021:0663 and RHSA-2021:1079 to fix this issue. Users are advised to upgrade to the patched versions (Red Hat Advisory).

Community reactions

The vulnerability was acknowledged and credited to Abhijeet Kasurde from Red Hat, who discovered and reported the issue (Red Hat Bugzilla).

Additional resources

SourceThis report was generated using AI

Related Ansible vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-1313MEDIUM6.5
  • GrafanaGrafana
  • grafana-pcp
NoYesMar 26, 2024
CVE-2024-9902MEDIUM6.3
  • AnsibleAnsible
  • ansible-core
NoYesNov 06, 2024
CVE-2025-14010MEDIUM5.5
  • AnsibleAnsible
  • ansible
NoYesDec 04, 2025
CVE-2024-11079MEDIUM5.5
  • AnsibleAnsible
  • ansible-operator
NoYesNov 12, 2024
CVE-2024-8775MEDIUM5.5
  • AnsibleAnsible
  • ansible-core
NoYesSep 14, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo