CVE-2019-10206 vulnerability in Red Hat and Other Products
Published on November 22, 2019
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2019-10206
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10206 are published in these products:
Affected Versions
Red Hat Ansible:- Version all 2.8.x before 2.8.4 is affected.
- Version all 2.7.x before 2.7.13 is affected.
- Version all 2.6.x before 2.6.19 is affected.
Exploit Probability
EPSS
0.22%
Percentile
44.47%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.