CVE-2019-10156
Description
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.653
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible 2.6.18 | Windows |
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible 2.7.12 | Windows |
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible 2.8.2 | Windows |
| Configuration management, deployment, and task execution system (USN-4072-1) ansible_2.0.0.2-2ubuntu1.3_all.deb | Linux |
| Configuration management, deployment, and task execution system (USN-4072-1) ansible_2.5.1+dfsg-1ubuntu0.1_all.deb | Linux |
| Configuration management, deployment, and task execution system (USN-4072-1) ansible_2.7.8+dfsg-1ubuntu0.19.04.1_all.deb | Linux |
| ansible security update(DSA-4950-1) ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| ansible security update(DSA-4950-1) Debian_ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible for linux 2.6.18 | Linux |
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible for linux 2.7.12 | Linux |
| Vulnerabilities CVE-2019-10156 are fixed in Python-ansible for linux 2.8.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234