CVE-2019-10156
published 2019-07-30CVE-2019-10156: A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ansible | < ansible 2.8.3+dfsg-1 (bookworm) | ansible 2.8.3+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| red_hat | ansible | — | — |
| red_hat | ansible | — | — |
| red_hat | ansible | — | — |
| redhat | ansible | < 2.6.18 | 2.6.18 |
| redhat | ansible | >= 0 < 2.8.3+dfsg-1 | 2.8.3+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.3+dfsg-1 | 2.8.3+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.3+dfsg-1 | 2.8.3+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.3+dfsg-1 | 2.8.3+dfsg-1 |
| redhat | ansible | >= 0 < 2.6.18 | 2.6.18 |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3 | 2.0.0.2-2ubuntu1.3 |
| redhat | ansible | >= 0 < 2.5.1+dfsg-1ubuntu0.1 | 2.5.1+dfsg-1ubuntu0.1 |
| redhat | ansible | >= 2.7.0 < 2.7.12 | 2.7.12 |
| redhat | ansible | >= 2.7.0a1 < 2.7.12 | 2.7.12 |
| redhat | ansible | >= 2.8.0 < 2.8.2 | 2.8.2 |
| redhat | ansible | >= 2.8.0a1 < 2.8.2 | 2.8.2 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
osv9.8CRITICAL