{"api_version":"1","generated_at":"2026-04-23T05:57:51+00:00","cve":"CVE-2019-10206","urls":{"html":"https://cve.report/CVE-2019-10206","api":"https://cve.report/api/cve/CVE-2019-10206.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10206","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10206"},"summary":{"title":"CVE-2019-10206","description":"ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-11-22 13:15:00","updated_at":"2023-12-28 19:15:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","name":"openSUSE-SU-2020:0513","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0513-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","name":"[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update","refsource":"","tags":[],"title":"[SECURITY] [DLA 3695-1] ansible security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","name":"openSUSE-SU-2020:0523","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0523-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4950","name":"DSA-4950","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4950-1 ansible","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1732623 – (CVE-2019-10206) CVE-2019-10206 Ansible: disclosure data when prompted for password and template characters are passed","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10206","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10206","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opensuse","cpe5":"backports_sle","cpe6":"15.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10206","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"ansible","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-10206","qid":"178744","title":"Debian Security Update for ansible (DSA 4950-1)"},{"cve":"CVE-2019-10206","qid":"500004","title":"Alpine Linux Security Update for ansible"},{"cve":"CVE-2019-10206","qid":"501345","title":"Alpine Linux Security Update for ansible-base"},{"cve":"CVE-2019-10206","qid":"6000405","title":"Debian Security Update for ansible (DLA 3695-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-10206","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Ansible","version":{"version_data":[{"version_value":"all 2.8.x before 2.8.4"},{"version_value":"all 2.7.x before 2.7.13"},{"version_value":"all 2.6.x before 2.6.19"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-522"}]}]},"references":{"reference_data":[{"refsource":"SUSE","name":"openSUSE-SU-2020:0513","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0523","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"refsource":"DEBIAN","name":"DSA-4950","url":"https://www.debian.org/security/2021/dsa-4950"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206","refsource":"CONFIRM"}]},"description":{"description_data":[{"lang":"eng","value":"ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them."}]},"impact":{"cvss":[[{"vectorString":"6.4/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","version":"3.0"}]]}},"nvd":{"publishedDate":"2019-11-22 13:15:00","lastModifiedDate":"2023-12-28 19:15:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.0","versionEndExcluding":"2.6.19","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndExcluding":"2.8.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10206","Ordinal":"148423","Title":"CVE-2019-10206","CVE":"CVE-2019-10206","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10206","Ordinal":"1","NoteData":"ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10206","Ordinal":"2","NoteData":"2019-11-22","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10206","Ordinal":"3","NoteData":"2021-08-07","Type":"Other","Title":"Modified"}]}}}