CVE-2019-10156

Published: Jul 30, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Affected (7)

Products: Redhat: Ansible, Openstack · Debian: Debian Linux

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible	Before 2.6.18
Redhat Ansible	From 2.7.0 to 2.7.12
Redhat Ansible	From 2.8.0 to 2.8.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 13
Redhat Openstack	Version 14

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

https://access.redhat.com/errata/RHSA-2019:3744

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:3789

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://github.com/ansible/ansible/pull/57188

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html

Source: secalert@redhat.com

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.debian.org/security/2021/dsa-4950

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3744

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:3789

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://github.com/ansible/ansible/pull/57188

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.debian.org/security/2021/dsa-4950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.