PT-2019-5285 · Red Hat+6 · Ansible+6

Borja Tarraso

·

Published

2019-07-23

·

Updated

2026-06-03

·

CVE-2019-10206

CVSS v4.0

7.1

High

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Ansible versions 2.6.x through 2.6.18 Ansible versions 2.7.x through 2.7.12 Ansible versions 2.8.x through 2.8.3
Description The issue is related to insufficient input validation in the Ansible configuration management system. This could allow a remote attacker to gain unauthorized access to protected information. The problem arises when using ansible-playbook -k and Ansible CLI tools, where passwords are expanded from templates and may contain special characters, potentially triggering template execution and exposing the passwords.
Recommendations For Ansible versions 2.6.x through 2.6.18, update to version 2.6.19 or later. For Ansible versions 2.7.x through 2.7.12, update to version 2.7.13 or later. For Ansible versions 2.8.x through 2.8.3, update to version 2.8.4 or later.

Fix

RCE

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-522

Related Identifiers

ALT-PU-2019-2615
ALT-PU-2020-1490
ALT-PU-2020-2341
ALT-PU-2020-3006
ALT-PU-2021-1800
BDU:2020-02201
CVE-2019-10206
DLA-3695-1
DLA-3695-2
DSA-4950-1
GHSA-CQMR-RCPR-CXH3
MGASA-2019-0309
OPENSUSE-SU-2020:0513-1
OPENSUSE-SU-2020:0523-1
OPENSUSE-SU-2020_0513-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
OPENSUSE-SU-2026:10944-1
PYSEC-2019-145
RHSA-2019:2542
RHSA-2019:2543
RHSA-2019:2544
RHSA-2019:2545
RHSA-2019:3744
RHSA-2019:3789
SUSE-SU-2019:2274-1
SUSE-SU-2020:3309-1
USN-7330-1
USN-7330-2

Affected Products

Alt Linux
Ansible
Ansible-Core
Astra Linux
Linuxmint
Suse
Ubuntu