ALPINE-CVE-2019-10156 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2019-10156 PUBLISHED CVSS 5.400000095367432 MEDIUM

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Risk Scores

CVSS v3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.12	ansible	0, 0.3.1-r0, 0.4-r0
Alpine:v3.11	ansible	0, 0.3.1-r0, 0.4-r0
Alpine:v3.10	ansible	1.6.7-r0, 0, 0.3.1-r0
Alpine:v3.8	ansible	0, 0.3.1-r0, 0.4-r0
Alpine:v3.13	ansible-base	0, 0.3.1-r0, 0.4-r0
Alpine:v3.14	ansible-base	0, 0.3.1-r0, 0.4-r0

Timeline

Jul 30, 2019 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-10156 advisory

Open in Interactive Console →