ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 | Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html | |
https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
28 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-11-22 13:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-10206
Mitre link : CVE-2019-10206
CVE.ORG link : CVE-2019-10206
JSON object : View
Products Affected
opensuse
- backports_sle
- leap
debian
- debian_linux
redhat
- ansible
CWE
CWE-522
Insufficiently Protected Credentials