CVE-2019-10156 — MEDIUM (5.4)

Q: How severe is CVE-2019-10156?

CVE-2019-10156 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10156?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible, Redhat Openstack, Debian Debian Linux.

Vulnerability Description

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ansible	< 2.6.18
Redhat	Openstack	13
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-200

References

https://access.redhat.com/errata/RHSA-2019:3744Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3789Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156Issue TrackingVendor Advisory
https://github.com/ansible/ansible/pull/57188PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.htmlVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2021/dsa-4950Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3744Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3789Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156Issue TrackingVendor Advisory
https://github.com/ansible/ansible/pull/57188PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.htmlVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2021/dsa-4950Third Party Advisory

FAQ

What is CVE-2019-10156?

CVE-2019-10156 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitut...

How severe is CVE-2019-10156?

CVE-2019-10156 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10156?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible, Redhat Openstack, Debian Debian Linux.