ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
github.com/ansible/ansible
github.com/ansible/ansible/commit/4b5aed4e5af4c7aab621662f50a289e99b8ac393
github.com/ansible/ansible/commit/d39488ece44956f6a169a498b067bbef54552be1
github.com/ansible/ansible/commit/d728127310b4f3a40ce8b9df3affb88ffaeea073
lists.debian.org/debian-lts-announce/2023/12/msg00018.html
nvd.nist.gov/vuln/detail/CVE-2019-10206
www.debian.org/security/2021/dsa-4950