Page 5 of 22 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-10206 – Ansible: disclosure data when prompted for password and template characters are passed

https://notcve.org/view.php?id=CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. ansible-playbook -k y ansible cli tools, todas las versiones 2.8.x anteriores a 2.8.4, todas las 2.7.x anteriores a 2.7.13 y todas las 2.6.x anteriores a 2.6.19, solicitan contraseñas mediante expansión de plantillas, ya que podrían contener caracteres especiales. Las contraseñas deberán ser empaquetadas para evitar que las plantillas se activen y las expongan. A data disclosure flaw was found in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-10206 https://bugzilla.redhat.com/show_bug.cgi?id=1732623 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-10156 – ansible: unsafe template evaluation of returned module data can lead to information disclosure

https://notcve.org/view.php?id=CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. Se detectó un fallo en la manera en que fueron implementadas las plantillas de Ansible en versiones anteriores a 2.6.18, 2.7.12 y 2.8.2, causando la posibilidad de revelación de información mediante la sustitución inesperada de variables. Tomando ventaja de la sustitución involuntaria de variables, se puede divulgar el contenido de cualquier variable. A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. • https://access.redhat.com/errata/RHSA-2019:3744 https://access.redhat.com/errata/RHSA-2019:3789 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156 https://github.com/ansible/ansible/pull/57188 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-10156 https://bugzilla.redhat.com/show_bug • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •