CVE-2019-10206: ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
debian	ansible	< ansible 2.8.6+dfsg-1 (bookworm)	ansible 2.8.6+dfsg-1 (bookworm)
debian	debian_linux	—	—
opensuse	backports_sle	—	—
opensuse	leap	—	—
red_hat	ansible	—	—
red_hat	ansible	—	—
red_hat	ansible	—	—
redhat	ansible	>= 0 < 2.8.6+dfsg-1	2.8.6+dfsg-1
redhat	ansible	>= 0 < 2.8.6+dfsg-1	2.8.6+dfsg-1
redhat	ansible	>= 0 < 2.8.6+dfsg-1	2.8.6+dfsg-1
redhat	ansible	>= 0 < 2.8.6+dfsg-1	2.8.6+dfsg-1
redhat	ansible	>= 0 < 1.5.4+dfsg-1ubuntu0.1~esm3	1.5.4+dfsg-1ubuntu0.1~esm3
redhat	ansible	>= 0 < 2.0.0.2-2ubuntu1.3+esm6	2.0.0.2-2ubuntu1.3+esm6
redhat	ansible	>= 0 < 2.0.0.2-2ubuntu1.3+esm5	2.0.0.2-2ubuntu1.3+esm5
redhat	ansible	>= 0 < 2.5.1+dfsg-1ubuntu0.1+esm5	2.5.1+dfsg-1ubuntu0.1+esm5
redhat	ansible	>= 0 < 2.9.6+dfsg-1ubuntu0.1~esm3	2.9.6+dfsg-1ubuntu0.1~esm3
redhat	ansible	>= 2.6.0 < 2.6.19	2.6.19
redhat	ansible	>= 2.6.0 < 2.6.19	2.6.19
redhat	ansible	>= 2.6.0 < 2.6.20	2.6.20
redhat	ansible	>= 2.7.0 < 2.7.13	2.7.13
redhat	ansible	>= 2.7.0 < 2.7.13	2.7.13
redhat	ansible	>= 2.7.0 < 2.7.14	2.7.14
redhat	ansible	>= 2.8.0 < 2.8.4	2.8.4
redhat	ansible	>= 2.8.0 < 2.8.4	2.8.4
redhat	ansible	>= 2.8.0 < 2.8.6	2.8.6

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

ghsa6.5MEDIUM

osv6.5MEDIUM