CVE-2019-10206: Ansible password prompts could expose passwords
ansible-playbook -k and the ansible CLI tools, in all 2.8.x versions before 2.8.4, all 2.7.x versions before 2.7.13 and all 2.6.x versions before 2.6.19, expand passwords entered at prompts as templates, because the passwords can contain special characters. Passwords should be wrapped so that they do not trigger templating and get exposed.
References
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
- github.com/advisories/GHSA-cqmr-rcpr-cxh3
- github.com/ansible/ansible
- github.com/ansible/ansible/commit/4b5aed4e5af4c7aab621662f50a289e99b8ac393
- github.com/ansible/ansible/commit/d39488ece44956f6a169a498b067bbef54552be1
- github.com/ansible/ansible/commit/d728127310b4f3a40ce8b9df3affb88ffaeea073
- github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-145.yaml
- lists.debian.org/debian-lts-announce/2023/12/msg00018.html
- nvd.nist.gov/vuln/detail/CVE-2019-10206
- www.debian.org/security/2021/dsa-4950
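A version check against the ranges stated above, as an added example that is not part of the advisory or of the Ansible project. The function names and the sample inventory are hypothetical, and treating a pre-release of a fixed version (such as 2.8.4rc1) as affected is a conservative assumption.

```python
import re

# First fixed patch release per affected branch, taken from the advisory text.
FIXED_PATCH = {(2, 6): 19, (2, 7): 13, (2, 8): 4}

# Matches "2.8.3", "2.8.4rc1", "2.8.0.dev0", or a line such as "ansible 2.7.12".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:\.?(?:a|b|rc|dev)\d*)?)")


def cve_2019_10206_status(version_text):
    """Classify an Ansible version as 'affected', 'fixed' or 'not-listed'.

    'not-listed' means the advisory text names no range for that branch;
    it is not a statement that the branch is safe.
    """
    match = _VERSION.search(version_text)
    if match is None:
        raise ValueError("no x.y.z version found in %r" % version_text)
    major, minor, patch = (int(part) for part in match.group(1, 2, 3))
    prerelease = match.group(4)

    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    if patch < fixed_patch:
        return "affected"
    # Assumption: a pre-release of the fixed version sorts before the
    # release itself, so it is reported as affected.
    if patch == fixed_patch and prerelease:
        return "affected"
    return "fixed"


def affected_hosts(inventory):
    """Return the sorted host names whose Ansible version is affected."""
    return sorted(
        host for host, version in inventory.items()
        if cve_2019_10206_status(version) == "affected"
    )


# Constructed sample data: host name -> reported Ansible version.
SAMPLE_INVENTORY = {
    "ctl-01": "ansible 2.8.3",
    "ctl-02": "2.8.4",
    "ctl-03": "2.7.12",
    "ctl-04": "2.6.19",
    "ctl-05": "2.8.4rc1",
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```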