CVE-2019-10156 Information
Feb 14, 2021
cve
Description
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18 2.7.12 and 2.8.2 causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Reference
https://access.redhat.com/errata/RHSA-2019:3744 https://access.redhat.com/errata/RHSA-2019:3789 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156 https://github.com/ansible/ansible/pull/57188 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: