From b4a11e06bb352034932e86d2b72e52938a14e45d Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Wed, 24 Jul 2019 12:12:07 +0200 Subject: [PATCH 1/2] init CVE-2019-10206 --- 2019/10xxx/CVE-2019-10206.json | 67 ++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 4 deletions(-) diff --git a/2019/10xxx/CVE-2019-10206.json b/2019/10xxx/CVE-2019-10206.json index 16d628096c3..243f0b7ae6b 100644 --- a/2019/10xxx/CVE-2019-10206.json +++ b/2019/10xxx/CVE-2019-10206.json @@ -4,15 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mrehak@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "fixed in 2.8.4" + }, + { + "version_value": "fixed in 2.7.13" + }, + { + "version_value": "fixed in 2.6.19" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ansible-playbook -k and ansible cli tools, all before versions 2.8.4, 2.7.13, 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.4/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From f727f2ffb1993e2b7e70a2d7b6605b1005af2d9f Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Fri, 22 Nov 2019 13:04:37 +0100 Subject: [PATCH 2/2] CVE-2019-10206 init --- 2019/10xxx/CVE-2019-10206.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/2019/10xxx/CVE-2019-10206.json b/2019/10xxx/CVE-2019-10206.json index 243f0b7ae6b..9511f87825d 100644 --- a/2019/10xxx/CVE-2019-10206.json +++ b/2019/10xxx/CVE-2019-10206.json @@ -18,13 +18,13 @@ "version": { "version_data": [ { - "version_value": "fixed in 2.8.4" + "version_value": "all 2.8.x before 2.8.4" }, { - "version_value": "fixed in 2.7.13" + "version_value": "all 2.7.x before 2.7.13" }, { - "version_value": "fixed in 2.6.19" + "version_value": "all 2.6.x before 2.6.19" } ] } @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "ansible-playbook -k and ansible cli tools, all before versions 2.8.4, 2.7.13, 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them." + "value": "ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them." } ] },