CVE-2019-10206 – ansible
Package
Manager: pip
Name: ansible
Vulnerable Version: >=2.8.0 <2.8.4 || >=2.7.0 <2.7.13 || >=2.6.0 <2.6.19
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00214 (percentile 0.43971)
Details
Ansible password prompts could expose passwords. ansible-playbook -k and the ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x versions before 2.7.13 and all 2.6.x versions before 2.6.19, prompt for passwords and expand them as templates, because the passwords could contain special characters. Passwords should be wrapped to prevent templating from being triggered and exposing them.
Metadata
Created: 2022-05-24T17:01:46Z
Modified: 2024-11-18T16:26:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cqmr-rcpr-cxh3/GHSA-cqmr-rcpr-cxh3.json
CWE IDs: ["CWE-20", "CWE-522"]
Alternative ID: GHSA-cqmr-rcpr-cxh3
Finding: F035
Auto approve: 1