MEDIUM · 6.5

CVE-2019-10206

Vulnerability Description

ansible-playbook -k and the ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x versions before 2.7.13 and all 2.6.x versions before 2.6.19, prompt for passwords by expanding them from templates, as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Redhat | Ansible | >= 2.6.0, < 2.6.19
Debian | Debian Linux | 10.0
Opensuse | Backports Sle | 15.0
Opensuse | Leap | 15.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-10206?

CVE-2019-10206 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain...

How severe is CVE-2019-10206?

CVE-2019-10206 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10206?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible, Debian Debian Linux, Opensuse Backports Sle, Opensuse Leap.