Description
Exposure of Sensitive Information to an Unauthorized Actor in ansible
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10156
- https://github.com/ansible/ansible/pull/57188
- https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922
- https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375
- https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a
- https://access.redhat.com/errata/RHSA-2019:3744
- https://access.redhat.com/errata/RHSA-2019:3789
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156
- https://github.com/advisories/GHSA-grgm-pph5-j5h7
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
- https://www.debian.org/security/2021/dsa-4950
Packages
- ansible: affected < 2.6.18; fixed in 2.6.18
- ansible: affected >= 2.7.0a1, < 2.7.12; fixed in 2.7.12
- ansible: affected >= 2.8.0a1, < 2.8.2; fixed in 2.8.2
Related vulnerabilities
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
A flaw was discovered in the way Ansible templating was implemented in ...
A vulnerability in the ansible configuration management system, related to information disclosure, that allows an attacker to gain access to confidential data and compromise its integrity