VDB
PYSEC-2019-2
PUBLISHED
CVSS 8.7 HIGH
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2 that allows information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution, the content of any variable may be disclosed.
Risk Scores
CVSS v4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | ansible | 1.6, 0, 2.7.0 |
Timeline
- Jul 30, 2019 CVE Published
- Nov 8, 2023 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156 report
- https://github.com/advisories/GHSA-grgm-pph5-j5h7 advisory
- https://github.com/ansible/ansible/pull/57188 fix
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html advisory
- https://access.redhat.com/errata/RHSA-2019:3744 advisory
- https://access.redhat.com/errata/RHSA-2019:3789 advisory
- https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html advisory