GHSA-6fq2-x65v-v9h7

Source
https://github.com/advisories/GHSA-6fq2-x65v-v9h7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fq2-x65v-v9h7/GHSA-6fq2-x65v-v9h7.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6fq2-x65v-v9h7
Aliases
Published
2022-05-24T17:02:07Z
Modified
2024-11-24T05:23:25.634562Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Ansible password prompts could expose passwords
Details

A data disclosure flaw was found in Ansible. Password prompts in the ansible-playbook and ansible-cli tools could expose passwords with special characters because they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality.

This CVE exists due to an incomplete fix for CVE-2019-10206.

Database specific
{
    "nvd_published_at": "2019-11-26T14:15:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-19T18:03:19Z"
}
References

Affected packages

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.8.0
Fixed
2.8.6

Affected versions

2.*

2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.7.0
Fixed
2.7.14

Affected versions

2.*

2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.7.13

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.0
Fixed
2.6.20

Affected versions

2.*

2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19