CVE-2019-10206

moderate-risk

Published 2019-11-22

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Ansible

Debian Linux

Backports Sle

Leap

Affected Vendors

Debian Redhat Opensuse

References (10)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206

https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Third Party Advisory https://www.debian.org/security/2021/dsa-4950

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206

https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html

Third Party Advisory https://www.debian.org/security/2021/dsa-4950

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 10/34 · Low