CVE-2019-10156 – ansible

Package

Manager: pip
Name: ansible
Vulnerable Version: >=0 <2.6.18 || >=2.7.0a1 <2.7.12 || >=2.8.0a1 <2.8.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0063 pctl0.69399

Details

Exposure of Sensitive Information to an Unauthorized Actor in ansible A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Metadata

Created: 2019-07-31T04:22:49Z
Modified: 2024-09-04T20:45:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-grgm-pph5-j5h7/GHSA-grgm-pph5-j5h7.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-grgm-pph5-j5h7
Finding: F017
Auto approve: 1