cvelist/2019/10xxx/CVE-2019-10156.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-10156",
        "ASSIGNER": "secalert@redhat.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Red Hat",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "ansible",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "fixed in 2.6.18"
                                        },
                                        {
                                            "version_value": "fixed in 2.7.12"
                                        },
                                        {
                                            "version_value": "fixed in 2.8.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-200"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",
                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",
                "refsource": "CONFIRM"
            },
            {
                "url": "https://github.com/ansible/ansible/pull/57188",
                "name": "https://github.com/ansible/ansible/pull/57188",
                "refsource": "CONFIRM"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:3744",
                "url": "https://access.redhat.com/errata/RHSA-2019:3744"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:3789",
                "url": "https://access.redhat.com/errata/RHSA-2019:3789"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed."
            }
        ]
    },
    "impact": {
        "cvss": [
            [
                {
                    "vectorString": "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                    "version": "3.0"
                }
            ]
        ]
    }
}
"-Synchronized-Data." 2019-03-27 12:00:51 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2019-10156",`
"-Synchronized-Data." 2019-07-30 23:00:55 +00:00			`"ASSIGNER": "secalert@redhat.com",`
			`"STATE": "PUBLIC"`
CVE-2019-10156 2019-07-30 18:37:14 -03:00			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Red Hat",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "ansible",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "fixed in 2.6.18"`
			`},`
			`{`
			`"version_value": "fixed in 2.7.12"`
			`},`
			`{`
			`"version_value": "fixed in 2.8.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-200"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",`
			`"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",`
			`"refsource": "CONFIRM"`
			`},`
			`{`
			`"url": "https://github.com/ansible/ansible/pull/57188",`
			`"name": "https://github.com/ansible/ansible/pull/57188",`
			`"refsource": "CONFIRM"`
"-Synchronized-Data." 2019-09-16 15:00:56 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"`
"-Synchronized-Data." 2019-11-06 19:01:31 +00:00			`},`
			`{`
			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:3744",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:3744"`
"-Synchronized-Data." 2019-11-07 17:01:25 +00:00			`},`
			`{`
			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:3789",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:3789"`
CVE-2019-10156 2019-07-30 18:37:14 -03:00			`}`
			`]`
"-Synchronized-Data." 2019-03-27 12:00:51 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
CVE-2019-10156 2019-07-30 18:37:14 -03:00			`"value": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed."`
"-Synchronized-Data." 2019-03-27 12:00:51 +00:00			`}`
			`]`
CVE-2019-10156 2019-07-30 18:37:14 -03:00			`},`
			`"impact": {`
			`"cvss": [`
			`[`
			`{`
			`"vectorString": "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",`
			`"version": "3.0"`
			`}`
			`]`
			`]`
"-Synchronized-Data." 2019-03-27 12:00:51 +00:00			`}`
"-Synchronized-Data." 2019-07-30 23:00:55 +00:00			`}`