Description
Ansible password prompts could expose passwords
ansible-playbook -k and the ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, handle prompted passwords by expanding them as templates, since they could contain special characters. Passwords should be wrapped to prevent templating from being triggered and exposing them.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10206
- https://github.com/ansible/ansible/commit/4b5aed4e5af4c7aab621662f50a289e99b8ac393
- https://github.com/ansible/ansible/commit/d39488ece44956f6a169a498b067bbef54552be1
- https://github.com/ansible/ansible/commit/d728127310b4f3a40ce8b9df3affb88ffaeea073
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-145.yaml
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
- https://www.debian.org/security/2021/dsa-4950
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
Packages
- ansible: affected >= 2.8.0, < 2.8.4; fixed in 2.8.4
- ansible: affected >= 2.7.0, < 2.7.13; fixed in 2.7.13
- ansible: affected >= 2.6.0, < 2.6.19; fixed in 2.6.19
EPSS
CVSS4: 7.1 High
CVSS3: 6.5 Medium
CVE ID
Weaknesses
Related vulnerabilities
A vulnerability in the Ansible configuration management system, related to insufficient validation of input data, that allows an attacker to gain unauthorized access to protected information