ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3695-1 ansible security update
Debian DSA Debian DSA DSA-4950-1 ansible security update
EUVD EUVD EUVD-2019-0003 ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
Github GHSA Github GHSA GHSA-cqmr-rcpr-cxh3 Ansible password prompts could expose passwords
Ubuntu USN Ubuntu USN USN-7330-1 Ansible vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T22:17:18.927Z

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10206

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-22T13:15:11.723

Modified: 2024-11-21T04:18:39.200

Link: CVE-2019-10206

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-07-24T00:00:00Z

Links: CVE-2019-10206 - Bugzilla

cve-icon OpenCVE Enrichment

No data.