PyPi: Ansible-Core

CVE-2019-10156

Safety vulnerability ID: 42887

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 30, 2019 Updated at Jun 10, 2024

Scan your Python projects for vulnerabilities →

Advisory

Ansible 2.6.18, 2.7.12 and 2.8.2 include a fix for CVE-2019-10156: A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156

Affected package

ansible-core

Latest version: 2.17.0

Radically simple IT automation

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.4

CVSS v3 Details

MEDIUM 5.4

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Availability (A): NONE

CVSS v2 Details

MEDIUM 5.5

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): SINGLE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE