Description
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ansible | Not affected | ||
| Red Hat Ceph Storage 2 | ansible | Will not fix | ||
| Red Hat Ceph Storage 3 | ansible | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Out of support scope | ||
| Red Hat OpenStack Platform 14 (Rocky) | ansible | Will not fix | ||
| Red Hat Satellite 6 | ansible | Out of support scope | ||
| Red Hat Storage 3 | ansible | Will not fix | ||
| Red Hat Ansible Engine 2.6 for RHEL 7 | ansible | Fixed | RHSA-2019:3201 | 24.10.2019 |
| Red Hat Ansible Engine 2.7 for RHEL 7 | ansible | Fixed | RHSA-2019:3202 | 24.10.2019 |
| Red Hat Ansible Engine 2.8 for RHEL 7 | ansible | Fixed | RHSA-2019:3203 | 24.10.2019 |
Additional information
Status:
EPSS
CVSS3: 6.4 Medium
Related vulnerabilities
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
Ansible password prompts could expose passwords
A vulnerability in the Ansible configuration management system, related to insufficient validation of input data, that allows an attacker to gain unauthorized access to protected information