CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0a07068054090d5b78b27496aa251be74c484b45

Fixed

24007b5d4b191642c5a5a976caad4d7d4a795ebe

Introduced

2611867fd1dc387ceaa0ffb8ce0f030aafc2a859

Fixed

c4902421d9fede8996cfa4bb11b464080d4a387d

Introduced

8ce3bd6deaa0a0274a921c0137cbd804ffc312d0

Fixed

38036f07d80b060d6e9f400724cc747fa4ad9d91

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.13

v2.6.14

v2.6.15

v2.6.16

v2.6.17

v2.6.18

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10206.json"

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9c1426de7521299f70eb5483e7e25d1c2a73dbbd

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10206.json"