CVE-2019-10206
MEDIUM severity · CVSS 6.5 · CWE-522
Summary
ansible-playbook -k and the ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt for passwords and expand them as templates, as they could contain special characters. Passwords should be wrapped to prevent templating from being triggered and exposing them.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality impact: High
Integrity impact: None
Availability impact: None
Exploit probability (EPSS): 2%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html (Advisory)
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
- https://www.debian.org/security/2021/dsa-4950 (Advisory)