PYSEC-2019-145

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2019-145.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-145

Aliases

Published

2019-11-22T13:15:00Z

Modified

2023-11-08T04:00:43.164965Z

Summary

[none]

Details

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.

References

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.0

Fixed

2.6.19

Introduced

2.7.0

Fixed

2.7.13

Introduced

2.8.0

Fixed

2.8.4

Affected versions

2.*

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.7.10

2.7.11

2.7.12

2.8.0

2.8.1

2.8.2

2.8.3