Input validation error in Ansible - CVE-2019-10206

 

Published: November 22, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30585
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-10206
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software:
Ansible

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The ansible-playbook -k and ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x versions before 2.7.13 and all 2.6.x versions before 2.6.19, expand prompted passwords as templates, since the passwords could contain special characters. Passwords should be wrapped so that they do not trigger template expansion and get exposed.


How to mitigate CVE-2019-10206

Install the update from the vendor's website.
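
To check a host against the version ranges listed above, the following added example (not part of the advisory and not Ansible project code) classifies the first line of `ansible --version` output. The function names and result labels are hypothetical, and treating a pre-release build of a fixed version as still affected is a conservative assumption; branches the advisory does not list are reported as "not-listed" rather than guessed at.

```python
import re
import subprocess

# First fixed patch release per branch, taken from the advisory text.
FIXED_PATCH = {(2, 6): 19, (2, 7): 13, (2, 8): 4}

# Matches "2.8.3", "2.8.4rc1", "2.8.0.dev0" inside a version line.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)((?:\.?(?:a|b|rc|dev)\d*)?)")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' (hypothetical labels)."""
    match = VERSION_RE.search(version_text)
    if not match:
        return "unparsed"
    major, minor, patch = (int(g) for g in match.group(1, 2, 3))
    prerelease = bool(match.group(4))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The advisory only names the 2.6.x, 2.7.x and 2.8.x branches.
        return "not-listed"
    # Assumption: a pre-release of the fixed version may lack the fix.
    if patch < fixed or (patch == fixed and prerelease):
        return "affected"
    return "fixed"


def installed_version_line():
    """Return the first line of `ansible --version`, or None if unavailable."""
    try:
        result = subprocess.run(["ansible", "--version"],
                                capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return None
    lines = result.stdout.splitlines()
    return lines[0] if lines else None


if __name__ == "__main__":
    line = installed_version_line()
    if line is None:
        print("ansible not found on PATH")
    else:
        print(f"{line} -> {classify(line)}")
```
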
