PYSEC-2019-145 — Vulnetix

PYSEC-2019-145 PUBLISHED

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

Affected Products

Vendor	Product	Versions
PyPI	ansible	2.6.0, 2.7.0, 2.8.0

Timeline

Nov 22, 2019 CVE Published
Nov 8, 2023 CVE Updated

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 report
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html url
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html url

Open in Interactive Console →