Home > Vulnerability Database > CVE-2019-10156

Mend.io Vulnerability Database

CVE-2019-10156

Good to know:

Date: July 30, 2019

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Language: Python

Severity Score

5.4

Related Resources (18)

Url: https://access.redhat.com/security/cve/CVE-2019-10156

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10156

Url: https://access.redhat.com/errata/RHSA-2019:3744

Url: https://github.com/ansible/ansible/pull/57188

Url: https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375

Url: https://access.redhat.com/errata/RHSA-2019:3789

Url: https://www.debian.org/security/2021/dsa-4950

Url: https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html

Url: https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Url: https://security.alpinelinux.org/vuln/CVE-2019-10156

Url: https://security-tracker.debian.org/tracker/CVE-2019-10156

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156

Url: https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml

Url: https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922

Url: https://github.com/ansible/ansible

Url: https://github.com/advisories/GHSA-grgm-pph5-j5h7

Url: https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a

Url: https://www.mend.io/vulnerability-database/CVE-2019-10156

Severity Score

5.4

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version ansible - 2.8.2;ansible - 2.6.18;ansible - 2.7.12

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10156

Good to know:

Date: July 30, 2019

Language: Python

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?