Описание
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.5.1+dfsg-1ubuntu0.1 |
| cosmic | ignored | end of life |
| devel | released | 2.7.8+dfsg-1ubuntu1 |
| disco | released | 2.7.8+dfsg-1ubuntu0.19.04.1 |
| esm-apps/bionic | released | 2.5.1+dfsg-1ubuntu0.1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |
Показывать по
Ссылки на источники
EPSS
5.5 Medium
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
A flaw was discovered in the way Ansible templating was implemented in ...
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Уязвимость системы управления конфигурациями ansible, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
EPSS
5.5 Medium
CVSS2
5.4 Medium
CVSS3