CVE-2019-10156

Summary

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Affected Software

VendorProductVersion RangeStatus
Red Hatansiblefixed in 2.6.18affected
Red Hatansiblefixed in 2.7.12affected
Red Hatansiblefixed in 2.8.2affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References