Description
In ansible-playbook -k and the ansible CLI tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, passwords entered at a prompt are expanded as templates, as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them.
References (5)
Core References
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4950
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Scores
CVSS v3
6.5
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (5)
debian/debian_linux
10.0
opensuse/backports_sle
15.0 sp1
opensuse/leap
15.1
pypi/ansible
2.8.0 - 2.8.4
redhat/ansible
2.6.0 - 2.6.19
Published
Nov 22, 2019
Tracked Since
Feb 18, 2026