CVE-2019-10156

Sažetak

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156
https://github.com/ansible/ansible/pull/57188
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
https://access.redhat.com/errata/RHSA-2019:3744
https://access.redhat.com/errata/RHSA-2019:3789
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
https://www.debian.org/security/2021/dsa-4950

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

19-04-2022 - 15:36

Objavljeno

30-07-2019 - 23:15