PT-2019-5285 · Red Hat+6 · Ansible+6

Borja Tarraso

·

Publicado

2019-07-23

·

Atualizado

2026-06-03

·

CVE-2019-10206

CVSS v4.0

7.1

Alta

VetorAV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Ansible versions 2.6.x through 2.6.18 Ansible versions 2.7.x through 2.7.12 Ansible versions 2.8.x through 2.8.3
Description The issue is related to insufficient input validation in the Ansible configuration management system. This could allow a remote attacker to gain unauthorized access to protected information. The problem arises when using ansible-playbook -k and Ansible CLI tools, where passwords are expanded from templates and may contain special characters, potentially triggering template execution and exposing the passwords.
Recommendations For Ansible versions 2.6.x through 2.6.18, update to version 2.6.19 or later. For Ansible versions 2.7.x through 2.7.12, update to version 2.7.13 or later. For Ansible versions 2.8.x through 2.8.3, update to version 2.8.4 or later.

Correção

RCE

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-522

Identificadores relacionados

ALT-PU-2019-2615
ALT-PU-2020-1490
ALT-PU-2020-2341
ALT-PU-2020-3006
ALT-PU-2021-1800
BDU:2020-02201
CVE-2019-10206
DLA-3695-1
DLA-3695-2
DSA-4950-1
GHSA-CQMR-RCPR-CXH3
MGASA-2019-0309
OPENSUSE-SU-2020:0513-1
OPENSUSE-SU-2020:0523-1
OPENSUSE-SU-2020_0513-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
OPENSUSE-SU-2026:10944-1
PYSEC-2019-145
RHSA-2019:2542
RHSA-2019:2543
RHSA-2019:2544
RHSA-2019:2545
RHSA-2019:3744
RHSA-2019:3789
SUSE-SU-2019:2274-1
SUSE-SU-2020:3309-1
USN-7330-1
USN-7330-2

Produtos afetados

Alt Linux
Ansible
Ansible-Core
Astra Linux
Linuxmint
Suse
Ubuntu