CVE-2019-14856 – ansible

Package

Manager: pip
Name: ansible
Vulnerable Version: >=2.8.0 <2.8.6 || >=2.7.0 <2.7.14 || >=2.6.0 <2.6.20

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00365 pctl0.57763

Details

Ansible password prompts could expose passwords A data disclosure flaw was found in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality. This CVE exists due to an incomplete fix for CVE-2019-10206.

Metadata

Created: 2022-05-24T17:02:07Z
Modified: 2024-11-18T16:26:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fq2-x65v-v9h7/GHSA-6fq2-x65v-v9h7.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-6fq2-x65v-v9h7
Finding: F006
Auto approve: 1