CVE-2019-10206

Description

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

How to fix CVE-2019-10206

To remediate CVE-2019-10206, upgrade the affected package to a fixed version below.

• —upgrade to 2.8.4-r0 or later
• —upgrade to 2.8.4-r0 or later
• —upgrade to 2.8.6+dfsg-1 or later
• —upgrade to 2.7.7+dfsg-1+deb10u2 or later
• —upgrade to 2.8.4 or later
• —upgrade to 2.6.19 or later

Is CVE-2019-10206 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (6)

• from 0, < 2.8.4-r0
• from 0, < 2.8.4-r0
• from 0, < 2.8.6+dfsg-1
• from 0, < 2.7.7+dfsg-1+deb10u2
• >= 2.8.0, < 2.8.4
• >= 2.6.0, < 2.6.19, >= 2.7.0, < 2.7.13, >= 2.8.0, < 2.8.4

CVSS scores

References (14)

• ADVISORYgithub.com/advisories/GHSA-cqmr-rcpr-cxh3
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-10206
• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2019-10206
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-10206
• PATCH