exploitDog

CVE-2019-10206

Published: 24 Jul 2019
Source: redhat
CVSS3: 6.4
EPSS: Low

Description

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.

A data disclosure flaw was found in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ansible | Out of support scope | | |
| Red Hat Ceph Storage 3 | ansible | Affected | | |
| Red Hat OpenStack Platform 10 (Newton) | ansible | Will not fix | | |
| Red Hat Storage 3 | ansible | Will not fix | | |
| Red Hat Ansible Engine 2.6 for RHEL 7 | ansible | Fixed | RHSA-2019:2545 | 21.08.2019 |
| Red Hat Ansible Engine 2.7 for RHEL 7 | ansible | Fixed | RHSA-2019:2544 | 21.08.2019 |
| Red Hat Ansible Engine 2.8 for RHEL 7 | ansible | Fixed | RHSA-2019:2542 | 21.08.2019 |
| Red Hat Ansible Engine 2.8 for RHEL 8 | ansible | Fixed | RHSA-2019:2542 | 21.08.2019 |
| Red Hat Ansible Engine 2 for RHEL 7 | ansible | Fixed | RHSA-2019:2543 | 21.08.2019 |
| Red Hat Ansible Engine 2 for RHEL 8 | ansible | Fixed | RHSA-2019:2543 | 21.08.2019 |

Additional information

Status: Moderate
Defect: CWE-522
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1732623 (Ansible: disclosure data when prompted for password and template characters are passed)

EPSS: 0.00232 (percentile: 46%, Low)

CVSS3: 6.4 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 6 years ago

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.

CVSS3: 6.5
nvd
about 6 years ago

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.

CVSS3: 6.5
debian
about 6 years ago

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...

CVSS3: 6.5
github
more than 3 years ago

Ansible password prompts could expose passwords

CVSS3: 6.5
fstec
more than 6 years ago

A vulnerability in the Ansible configuration management system, related to insufficient validation of input data, that allows an attacker to gain unauthorized access to protected information
