CVE-2019-10156 MEDIUM

CVE-2019-10156

Vendor Red Hat
Product ansible
Weakness CWE-200 · Info exposure
Published July 30, 2019
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Key dates

02Disclosure timeline

July 30, 2019 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-20336 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability CVE-2023-50298 Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions CVE-2025-47418 Recording CVE-2024-37924 WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Sensitive Data Exposure vulnerability CVE-2021-29483 wikiconfig API leaked private config variables set through ManageWiki