PT-2019-6151 · Red Hat+4 · Ansible+4

Bcoca

Publicado

2019-06-06

Atualizado

2026-06-03

CVE-2019-10156

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.6.18 Ansible versions prior to 2.7.12 Ansible versions prior to 2.8.2

Description A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution, the content of any variable may be disclosed. This issue may allow a remote attacker to access and compromise confidential data.

Recommendations For versions prior to 2.6.18, update to version 2.6.18 or later. For versions prior to 2.7.12, update to version 2.7.12 or later. For versions prior to 2.8.2, update to version 2.8.2 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2019-2615

ALT-PU-2020-1490

ALT-PU-2020-2341

ALT-PU-2020-3006

ALT-PU-2021-1800

BDU:2022-00266

CVE-2019-10156

DLA-1923-1

DLA-2535-1

DSA-4950-1

GHSA-GRGM-PPH5-J5H7

MGASA-2019-0234

OESA-2021-1400

OPENSUSE-SU-2022:0081-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2019-2

PYSEC-2019-72

RHSA-2019:1705

RHSA-2019:1706

RHSA-2019:1707

RHSA-2019:1708

RHSA-2019:3744

RHSA-2019:3789

SUSE-SU-2020:3309-1

USN-4072-1

Produtos afetados

Alt Linux

Ansible

Ansible-Core

Astra Linux

Ubuntu

PT-2019-6151 · Red Hat+4 · Ansible+4

CVE-2019-10156

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 194