CVE-2019-14856

Advisory

Affected versions of Ansible are vulnerable to CVE-2019-14856: The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in Ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14856
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
• https://access.redhat.com/errata/RHSA-2020:0756
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
• https://github.com/ansible/ansible/pull/63351
• https://github.com/ansible/ansible/pull/63352