{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-10206","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-08-04T22:17:18.927Z","dateReserved":"2019-03-27T00:00:00.000Z","datePublished":"2019-11-22T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2023-12-28T19:06:29.796Z"},"descriptions":[{"lang":"en","value":"ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them."}],"affected":[{"vendor":"Red Hat","product":"Ansible","versions":[{"version":"all 2.8.x before 2.8.4","status":"affected"},{"version":"all 2.7.x before 2.7.13","status":"affected"},{"version":"all 2.6.x before 2.6.19","status":"affected"}]}],"references":[{"name":"openSUSE-SU-2020:0513","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"name":"openSUSE-SU-2020:0523","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"name":"DSA-4950","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2021/dsa-4950"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206"},{"name":"[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-522","cweId":"CWE-522"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T22:17:18.927Z"},"title":"CVE Program Container","references":[{"name":"openSUSE-SU-2020:0513","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"name":"openSUSE-SU-2020:0523","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"name":"DSA-4950","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-4950"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"}]}]}}