Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-14905

Опубликовано: 31 мар. 2020
Источник: debian
EPSS Низкий

Описание

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ansiblefixed2.9.4+dfsg-1package
ansibleno-dsabusterpackage
ansibleno-dsastretchpackage
ansiblenot-affectedjessiepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1776943

  • https://github.com/ansible/ansible/pull/65423

  • https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md

  • Fixed by: https://github.com/ansible/ansible/commit/1257448636772859924157fa76341a698e4bf823 (v2.9.3)

  • Fixed by: https://github.com/ansible/ansible/commit/0d08d78637ba8f608b490bf2dc8700604faa8f80 (v2.8.8)

  • Fixed by: https://github.com/ansible/ansible/commit/88416b627caac5f0f4bff335d5387e0bcca938ca (v2.7.16)

EPSS

Процентиль: 16%
0.0005
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-14905

CVSS3: 5.6
ubuntu
почти 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

redhat логотип

CVE-2019-14905

CVSS3: 5.6
redhat
около 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

nvd логотип

CVE-2019-14905

CVSS3: 5.6
nvd
почти 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

github логотип

GHSA-frxj-5j27-f8rf

CVSS3: 5.6
github
почти 5 лет назад

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible

fstec логотип

BDU:2022-03971

CVSS3: 5.6
fstec
почти 6 лет назад

Уязвимость модуля nxos_file_copy системы управления конфигурациями Ansible, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 16%
0.0005
Низкий