CVE-2019-10156 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-10156 PUBLISHED

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

EPSS 0.65% · 70.7th percentile

Risk Scores

EPSS Score

0.65%

70.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	ansible	0, 2.3.1.0+dfsg-2, 2.5.0+dfsg-1

Timeline

Jun 17, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 11, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-10156 third-party-advisory
https://github.com/ansible/ansible/pull/57188 third-party-advisory
https://github.com/ansible/ansible/pull/57188/commits/8254c266f962d5febe46396d5083bb9c1da74840 third-party-advisory
https://github.com/ansible/ansible/pull/57188/commits/fbda0028750a17a032d83dad9d1fb284f9ea68a4 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-10156 third-party-advisory
https://ubuntu.com/security/notices/USN-4072-1 vendor-advisory

Open in Interactive Console →