ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 | Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html | |
https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-22T00:00:00
Updated: 2023-12-28T19:06:29.796935
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10206
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-22T13:15:11.723
Modified: 2023-12-28T19:15:12.027
Link: CVE-2019-10206
JSON object: View
Redhat Information
No data.
CWE