Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10156

Опубликовано: 04 июн. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5ansibleOut of support scope
Red Hat Ansible Tower 3ansibleAffected
Red Hat Ceph Storage 2ansibleAffected
Red Hat Ceph Storage 3ansibleAffected
Red Hat Enterprise Linux 7ansibleWill not fix
Red Hat OpenShift Container Platform 3.2ansibleOut of support scope
Red Hat OpenShift Container Platform 3.3ansibleOut of support scope
Red Hat OpenShift Container Platform 3.4ansibleOut of support scope
Red Hat OpenShift Container Platform 3.5ansibleOut of support scope
Red Hat OpenShift Container Platform 3.6ansibleOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1717311ansible: unsafe template evaluation of returned module data can lead to information disclosure

EPSS

Процентиль: 70%
0.00653
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-10156

CVSS3: 5.4
ubuntu
больше 6 лет назад

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

nvd логотип

CVE-2019-10156

CVSS3: 5.4
nvd
больше 6 лет назад

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

debian логотип

CVE-2019-10156

CVSS3: 5.4
debian
больше 6 лет назад

A flaw was discovered in the way Ansible templating was implemented in ...

github логотип

GHSA-grgm-pph5-j5h7

CVSS3: 5.4
github
больше 6 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in ansible

fstec логотип

BDU:2022-00266

CVSS3: 5.4
fstec
больше 6 лет назад

Уязвимость системы управления конфигурациями ansible, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 70%
0.00653
Низкий

4.6 Medium

CVSS3