PT-2019-6151 · Red Hat+4 · Ansible+4

Bcoca

Published

2019-06-06

Updated

2026-06-03

CVE-2019-10156

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.6.18 Ansible versions prior to 2.7.12 Ansible versions prior to 2.8.2

Description A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution, the content of any variable may be disclosed. This issue may allow a remote attacker to access and compromise confidential data.

Recommendations For versions prior to 2.6.18, update to version 2.6.18 or later. For versions prior to 2.7.12, update to version 2.7.12 or later. For versions prior to 2.8.2, update to version 2.8.2 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-2615

ALT-PU-2020-1490

ALT-PU-2020-2341

ALT-PU-2020-3006

ALT-PU-2021-1800

BDU:2022-00266

CVE-2019-10156

DLA-1923-1

DLA-2535-1

DSA-4950-1

GHSA-GRGM-PPH5-J5H7

MGASA-2019-0234

OESA-2021-1400

OPENSUSE-SU-2022:0081-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2019-2

PYSEC-2019-72

RHSA-2019:1705

RHSA-2019:1706

RHSA-2019:1707

RHSA-2019:1708

RHSA-2019:3744

RHSA-2019:3789

SUSE-SU-2020:3309-1

USN-4072-1

Affected Products

Alt Linux

Ansible

Ansible-Core

Astra Linux

Ubuntu

PT-2019-6151 · Red Hat+4 · Ansible+4

CVE-2019-10156

Weakness Enumeration

Related Identifiers

Affected Products

References · 194