Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14904

Опубликовано: 26 авг. 2020
Источник: nvd
CVSS3: 7.3
CVSS2: 6.1
EPSS Низкий

Описание

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия до 2.7.15 (исключая)
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия от 2.8.0 (включая) до 2.8.7 (исключая)
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
Версия от 2.9.0 (включая) до 2.9.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 13%
0.00044
Низкий

7.3 High

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-20
CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2019-14904

CVSS3: 7.3
ubuntu
больше 5 лет назад

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

redhat логотип

CVE-2019-14904

CVSS3: 7.3
redhat
около 6 лет назад

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

debian логотип

CVE-2019-14904

CVSS3: 7.3
debian
больше 5 лет назад

A flaw was found in the solaris_zone module from the Ansible Community ...

github логотип

GHSA-gwr8-5j83-483c

CVSS3: 7.3
github
почти 5 лет назад

OS Command Injection and Improper Input Validation in ansible

fstec логотип

BDU:2021-03714

CVSS3: 7.3
fstec
больше 5 лет назад

Уязвимость модуля solaris_zone системы управления конфигурациями Ansible, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 13%
0.00044
Низкий

7.3 High

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-20
CWE-78